Intrusive ads, nonexistent pages opening, etc. [solved]
Hello, for more than a month, whenever I go on iexplorer, several pages open: pages that say "cannot open the page", ads for antivirus products, "shady" sites
...on top of that, my computer has been slow since this same infection. I have avast, zonealarm and spybot, but they find nothing (except spybot, which keeps finding the same things and deleting them). I don't know how to post a log. Thanks in advance for your help!
Hello,
Download HijackThis (by Merijn).
Unzip it into a folder or onto your Desktop.
Launch the application (Hijackthis.exe):
- Choose the option "Do a system scan and save a logfile"
- Notepad opens; post its contents:
-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply
HELP: Video tutorial on HijackThis
Thanks, here it is:
Logfile of HijackThis v1.99.1
Scan saved at 00:25:18, on 12/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DaMi$$\Local Settings\Temp\wz193c\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fluo.com/?m=DAMI$$
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\togeqrfe.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: dem.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/r...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Re,
It's a Vundo infection.
Download VundoFix.exe (by Atribune) to your Desktop.
Double-click VundoFix.exe to launch it
Click the Scan for Vundo button
When the scan is complete, click the Remove Vundo button
A prompt will ask whether you want to delete the files; click YES
After you click "Yes", the Desktop will disappear for a moment while the files are deleted
You will see a prompt announcing that your PC is going to restart; click OK
Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
Sorry, I had to restart the PC, here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 16:52:45, on 12/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DaMi$$\Bureau\hijackthis\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.neo.cx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {07E67309-DDB6-4F21-ABEB-C25E5FFA4703} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: (no name) - {1FAF5474-E663-4435-96C6-1804D2731A6A} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\tkelmxms.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B572F27E-E372-4C72-B3FB-11F376E21785} - C:\WINDOWS\system32\ddcaayw.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\togeqrfe.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: dem.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/r...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
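The helper asks for a new HijackThis report after the fix, and comparing it with the earlier one shows which entries changed between scans. The following is an added example, not part of any post in this thread: it parses the `code - text` entry lines of two logs and diffs them, using lines abridged from the two logs above; the function names are hypothetical.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")

# HijackThis entry lines start with a section code (R0, O2, O4, O23, ...)
# followed by " - ". Header lines and the running-process list do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Annotations HijackThis appends when the referenced file is not on disk.
DANGLING_MARKERS = ("(file missing)", "(no file)")


def parse_log(text):
    """Return the set of Entry tuples found in a HijackThis log."""
    entries = set()
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add(Entry(match.group(1), match.group(2)))
    return entries


def _sort_key(entry):
    # Order by section letter, then numeric section, then text (O2 before O20).
    return (entry.code[0], int(entry.code[1:]), entry.text)


def diff_logs(before, after):
    """Return (added, removed) entry lists between two logs."""
    old, new = parse_log(before), parse_log(after)
    return sorted(new - old, key=_sort_key), sorted(old - new, key=_sort_key)


def dangling(entries):
    """Entries whose target file HijackThis reported as absent."""
    return sorted((e for e in entries if e.text.endswith(DANGLING_MARKERS)),
                  key=_sort_key)


# Abridged from the first log in this thread (scan saved at 00:25:18).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 00:25:18, on 12/04/2007
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fluo.com/?m=DAMI$$
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\togeqrfe.dll",setvm
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# Abridged from the second log in this thread (scan saved at 16:52:45).
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 16:52:45, on 12/04/2007
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.neo.cx
O2 - BHO: (no name) - {07E67309-DDB6-4F21-ABEB-C25E5FFA4703} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B572F27E-E372-4C72-B3FB-11F376E21785} - C:\WINDOWS\system32\ddcaayw.dll
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\togeqrfe.dll",setvm
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

if __name__ == "__main__":
    added, removed = diff_logs(BEFORE, AFTER)
    for entry in added:
        print("+", entry.code, "-", entry.text)
    for entry in removed:
        print("-", entry.code, "-", entry.text)
    print("entries pointing at absent files:", len(dangling(parse_log(AFTER))))
```

Entries unchanged between the two scans, such as the `SoundService` Run value, do not appear in the diff, so the diff narrows the review but does not replace reading the full log.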
O4 - Global Startup: dem.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/r...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
And the VundoFix report:
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.11
Scan started at 16:10:31 12/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\ccbeg.bak2
C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\ddcaayw.dll
C:\WINDOWS\system32\efrqegot.ini
C:\WINDOWS\system32\efrqegot.tmp
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jpjjkhut.ini
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mywqibkh.dll
C:\WINDOWS\system32\pmnomji.dll
C:\WINDOWS\system32\tkelmxms.dll
C:\WINDOWS\system32\togeqrfe.dll
C:\WINDOWS\system32\tuhkjjpj.dll
C:\WINDOWS\system32\urqnmmm.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\ccbeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ccbeg.bak2
C:\WINDOWS\system32\ccbeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\ccbeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddcaayw.dll
C:\WINDOWS\system32\ddcaayw.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\efrqegot.ini
C:\WINDOWS\system32\efrqegot.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\efrqegot.tmp
C:\WINDOWS\system32\efrqegot.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\gebcc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jpjjkhut.ini
C:\WINDOWS\system32\jpjjkhut.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\mljjj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mywqibkh.dll
C:\WINDOWS\system32\mywqibkh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnomji.dll
C:\WINDOWS\system32\pmnomji.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tkelmxms.dll
C:\WINDOWS\system32\tkelmxms.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\togeqrfe.dll
C:\WINDOWS\system32\togeqrfe.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tuhkjjpj.dll
C:\WINDOWS\system32\tuhkjjpj.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\urqnmmm.dll
C:\WINDOWS\system32\urqnmmm.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.11
Scan started at 16:20:22 12/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\ddcaayw.dll
C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\yccdd.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddcaayw.dll
C:\WINDOWS\system32\ddcaayw.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ddccy.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\yccdd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddcaayw.dll
C:\WINDOWS\system32\ddcaayw.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ddccy.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.11
Scan started at 16:36:57 12/04/2007
Listing files found while scanning....
C:\WINDOWS\system32\ddcaayw.dll
C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\vbtqatuc.dll
C:\WINDOWS\system32\yccdd.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddcaayw.dll
C:\WINDOWS\system32\ddcaayw.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ddccy.dll
C:\WINDOWS\system32\ddccy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\vbtqatuc.dll
C:\WINDOWS\system32\vbtqatuc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\yccdd.ini
C:\WINDOWS\system32\yccdd.ini Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ddcaayw.dll
C:\WINDOWS\system32\ddcaayw.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Hello again,
- Run HijackThis -> Do a system scan only
-> Check the lines below:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.neo.cx
O2 - BHO: (no name) - {07E67309-DDB6-4F21-ABEB-C25E5FFA4703} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: (no name) - {1FAF5474-E663-4435-96C6-1804D2731A6A} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\tkelmxms.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B572F27E-E372-4C72-B3FB-11F376E21785} - C:\WINDOWS\system32\ddcaayw.dll
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\0106.exe
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\togeqrfe.dll",setvm
O4 - Global Startup: dem.exe
Click Fix checked (bottom left)
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select ALL the locations in bold below:
C:\WINDOWS\system32\ddcaayw.dll
C:\WINDOWS\system32\0106.exe
C:\WINDOWS\system32\togeqrfe.dll
C:\Program Files\user32.exe
---> Right-click, then Copy
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane, then choose Paste.
Now click MoveIt!
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
Post the report found in this folder: C:\_OTMoveIt\MovedFiles\
The report is named after its creation date.
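An added example, not part of the thread and not the internal logic of HijackThis, VundoFix or OTMoveIt: it cross-references the HijackThis entries with the VundoFix results posted above to show which autostart entries still point at a file VundoFix could not delete. The sample lines are excerpts copied from the logs in this thread; the function names and the matching rule (exact path match, case-insensitive) are assumptions of this example.

```python
import re

# Excerpt of lines copied from the HijackThis log posted in this thread.
HJT_LINES = r"""
O2 - BHO: (no name) - {07E67309-DDB6-4F21-ABEB-C25E5FFA4703} - C:\WINDOWS\system32\ddccy.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B572F27E-E372-4C72-B3FB-11F376E21785} - C:\WINDOWS\system32\ddcaayw.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\togeqrfe.dll",setvm
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Excerpt of result lines copied from the three VundoFix scans in this thread
# (one removal pass per scan is shown here).
VF_LINES = r"""
Scan started at 16:10:31 12/04/2007
C:\WINDOWS\system32\ddcaayw.dll Could not be deleted.
C:\WINDOWS\system32\gebcc.dll Has been deleted!
C:\WINDOWS\system32\tkelmxms.dll Has been deleted!
C:\WINDOWS\system32\togeqrfe.dll Has been deleted!
Scan started at 16:20:22 12/04/2007
C:\WINDOWS\system32\ddcaayw.dll Could not be deleted.
C:\WINDOWS\system32\ddccy.dll Could not be deleted.
Scan started at 16:36:57 12/04/2007
C:\WINDOWS\system32\ddcaayw.dll Could not be deleted.
C:\WINDOWS\system32\ddccy.dll Has been deleted!
"""

# "O2 - ...", "O4 - ...", "R0 - ..." etc.: section code, then the detail text.
HJT_ENTRY = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<detail>.*)$")
# First drive-rooted path ending in .dll/.exe inside the detail text.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)\b', re.IGNORECASE)
# VundoFix result line: "<path> Has been deleted!" or "<path> Could not be deleted."
VF_RESULT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<res>Has been deleted!|Could not be deleted\.)$"
)


def parse_hijackthis(log):
    """Return one dict per HijackThis entry: section, lower-cased path, missing flag."""
    entries = []
    for line in log.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue
        p = WIN_PATH.search(m["detail"])
        entries.append({
            "section": m["section"],
            "path": p.group(0).lower() if p else None,  # None for "(no file)"
            "file_missing": "(file missing)" in m["detail"],
        })
    return entries


def vundofix_outcomes(report):
    """Map each file to its last reported result and its number of failed deletions."""
    outcomes = {}
    for line in report.splitlines():
        m = VF_RESULT.match(line.strip())
        if not m:
            continue
        rec = outcomes.setdefault(m["path"].lower(), {"failed": 0, "final": None})
        if m["res"].startswith("Could not"):
            rec["failed"] += 1
            rec["final"] = "still present"
        else:
            rec["final"] = "deleted"
    return outcomes


def correlate(hjt_log, vf_report):
    """HijackThis entries whose file also appears in the VundoFix results."""
    outcomes = vundofix_outcomes(vf_report)
    rows = []
    for e in parse_hijackthis(hjt_log):
        rec = outcomes.get(e["path"])
        if rec:
            rows.append((e["section"], e["path"], rec["final"], rec["failed"]))
    return rows


def survivors(hjt_log, vf_report):
    """Entries whose file was never successfully deleted in the last result seen."""
    return [(s, p, n) for s, p, final, n in correlate(hjt_log, vf_report)
            if final == "still present"]


if __name__ == "__main__":
    for row in correlate(HJT_LINES, VF_LINES):
        print(row)
    print("needs another removal method:", survivors(HJT_LINES, VF_LINES))
```

Entries that match nothing in the VundoFix results (SDHelper.dll, NeroCheck.exe, the avast! service) are simply left out of the result; that says nothing about them either way.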
Here is the report:
DllUnregisterServer procedure not found in
C:\WINDOWS\system32\ddcaayw.dll
C:\WINDOWS\system32\ddcaayw.dll NOT unregistered.
C:\WINDOWS\system32\ddcaayw.dll moved successfully.
File/Folder C:\WINDOWS\system32\0106.exe not found.
File/Folder C:\WINDOWS\system32\togeqrfe.dll not found.
File/Folder C:\Program Files\user32.exe not found.
Created on 04/12/2007 17:19:00
Logfile of HijackThis v1.99.1
Scan saved at 17:28:42, on 12/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\DaMi$$\Bureau\hijackthis\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/r...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Is your PC behaving better?
Download Clean.zip (by Malekal),
Unzip it on your desktop (Right-click/Extract all); you should get a Clean folder.
Open the clean folder, double-click on clean.cmd.
Choose option 1 and wait. Then post the contents of the report.
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 12/04/2007 a 18:02:53,87
*** Recherche de fichiers sur C:
C:\my.exe FOUND
*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\dr.exe FOUND
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND
"C:\Program Files\serial.zip" FOUND
"C:\Program Files\serial.dat" FOUND
"C:\Program Files\serial.zip" FOUND
*** Fin du rapport !
Re,
Download and install AVG Anti-Spyware (AVG AS)
Run the updates but do not start a scan for now.
HELP: Tutorial on AVG Anti-Spyware (Malekal)
Restart in safe mode
Relaunch AVG AS:
- Choose the "Analyse" (Scan) tab
- Then the "Paramètres" (Settings) tab
- Under the question "Comment réagir ?" (How to react?), click on "Actions recommandées" (Recommended actions) and choose "Quarantaine" (Quarantine)
- Click the "Analyse" tab again, then run an "Analyse complète du système" (Complete system scan)
If a file is infected at the end of the scan, click on "Appliquer toutes les actions" (Apply all actions)
Click on "Enregistrer le rapport" (Save report), then on "Enregistrer le rapport sous" (Save report as)
Save this text file on your desktop.
Open the clean folder, double-click on clean.cmd.
Choose option 2 and wait.
Restart normally
Post the AVG AS report as well as a Hijackthis report.
Post the clean report: C:\rapport_clean.txt
Here is the AVG report
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 20:11:51 12/04/2007
+ Résultat de l'analyse:
C:\System Volume Information\_restore{1D834AF8-41D9-4638-AC38-81E2B981ECF3}\RP61\A0009882.EXE -> Adware.Background : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1D834AF8-41D9-4638-AC38-81E2B981ECF3}\RP62\A0010825.exe -> Adware.Background : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1D834AF8-41D9-4638-AC38-81E2B981ECF3}\RP23\A0002385.exe -> Hijacker.StartPage.ans : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1D834AF8-41D9-4638-AC38-81E2B981ECF3}\RP62\A0010851.exe -> Hijacker.StartPage.ans : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{1D834AF8-41D9-4638-AC38-81E2B981ECF3}\RP66\A0012469.exe -> Hijacker.StartPage.ans : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
The Hijackthis report:
Logfile of HijackThis v1.99.1
Scan saved at 20:34:53, on 12/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DaMi$$\Bureau\hijackthis\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\bvmaarhj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FA58D791-4B64-497F-B432-FCD1B72E18EA} - C:\WINDOWS\system32\vturq.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\eeantxyg.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/r...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: vturq - C:\WINDOWS\system32\vturq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
However, I don't have the Clean report; it is not in C:\
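Two HijackThis logs are easier to compare mechanically than by eye. The sketch below is an added example (not part of the thread, and not a HijackThis or Malekal tool): it parses the O4 Run and O20 Winlogon Notify lines of the earlier log and of the 20:34 log above, and lists the autostart entries present only in the later one. The function names are this example's own, and the sample is an excerpt of lines copied from the two logs.

```python
import re

# Constructed sample: an excerpt of the O4 HKLM Run and O20 lines from the
# earlier log in this thread and from the 20:34 log (other lines left out).
LOG_EARLIER = r"""
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

LOG_2034 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:34:53, on 12/04/2007
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\eeantxyg.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O20 - Winlogon Notify: vturq - C:\WINDOWS\system32\vturq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # "O4 - ..." lines
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\Run\w*): \[(.+?)\] (.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (.+?) - (.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)
RUNDLL_RE = re.compile(r'"?(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s', re.I)


def target_file(command):
    """Return the file a command line loads.

    For a rundll32 wrapper the interesting file is the DLL argument,
    not rundll32.exe itself.
    """
    paths = PATH_RE.findall(command)
    if RUNDLL_RE.match(command):
        dlls = [p for p in paths if p.lower().endswith(".dll")]
        if dlls:
            return dlls[0]
    return paths[0] if paths else command


def parse_autostarts(log_text):
    """Map (section, location, entry name) -> target file for O4 and O20 lines."""
    found = {}
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue  # header, process list or blank line
        section, rest = entry.groups()
        if section == "O4":
            run = RUN_RE.match(rest)
            if run:
                location, name, command = run.groups()
                found[(section, location, name)] = target_file(command)
        elif section == "O20":
            notify = NOTIFY_RE.match(rest)
            if notify:
                name, path = notify.groups()
                found[(section, "Winlogon Notify", name)] = target_file(path)
    return found


def new_autostarts(before_log, after_log):
    """List (section, name, target) for entries that are new or retargeted."""
    before = parse_autostarts(before_log)
    after = parse_autostarts(after_log)
    report = []
    for key, target in after.items():
        if key not in before or before[key].lower() != target.lower():
            report.append((key[0], key[2], target))
    return sorted(report)


if __name__ == "__main__":
    for section, name, target in new_autostarts(LOG_EARLIER, LOG_2034):
        print(f"{section:4} {name:20} {target}")
```

An entry listed here is only new relative to the earlier scan; AVG Anti-Spyware shows up because it was installed between the two logs.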
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 12/04/2007 a 20:56:49,32
*** Recherche de fichiers sur C:
*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\dr.exe FOUND
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND
"C:\Program Files\serial.zip" FOUND
"C:\Program Files\serial.dat" FOUND
"C:\Program Files\serial.zip" FOUND
*** Fin du rapport !
You did not delete anything with clean.
Restart in safe mode
Open the clean folder, double-click on clean.cmd.
Choose option 2 and wait.
Restart normally
Post the clean report: C:\rapport_clean.txt
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Option 2, executee le 12/04/2007 a 21:27:51,25
Microsoft Windows XP [version 5.1.2600]
*** Suppression de fichiers sur C:
*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\dr.exe
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\mcrh.tmp
tentative de suppression de "C:\Program Files\serial.zip"
tentative de suppression de "C:\Program Files\serial.dat"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Here it is:
Logfile of HijackThis v1.99.1
Scan saved at 21:39:40, on 12/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DaMi$$\Bureau\hijackthis\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {1231F660-E3AE-415B-B368-E07F9F0837DA} - C:\WINDOWS\system32\vturq.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\bvmaarhj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/r...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: vturq - C:\WINDOWS\system32\vturq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Re,
Download Combofix.
Save it to your Desktop and nowhere else!
Click the Start (Démarrer) menu, then Run (Exécuter), and copy/paste this:
"%userprofile%\Bureau\combofix.exe" /v vturq
Click [OK]. Follow the prompts.
Wait until Combofix has finished; a report will be created. Post the report.
"DaMi$$" - 07-04-12 21:43:05 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\DaMi$$\Bureau"
Command switches used :: /v vturq
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\qrutv.bak1
C:\WINDOWS\system32\qrutv.ini
"C:\WINDOWS\system32\vturq.dll"
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-03-12 to 2007-04-12 ))))))))))))))))))))))))))))))))))
2007-04-12 20:43 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\ItsLabel
2007-04-12 20:42 <REP> d-------- C:\Program Files\eoRezo
2007-04-12 20:42 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\EoRezo
2007-04-12 19:06 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-12 19:06 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu Démarrer
2007-04-12 19:06 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage réseau
2007-04-12 19:06 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2007-04-12 19:06 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Modèles
2007-04-12 19:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
2007-04-12 19:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
2007-04-12 19:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2007-04-12 18:20 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-12 18:03 48,708 --a------ C:\WINDOWS\system32\bvmaarhj.dll
2007-04-12 18:03 123,972 --a------ C:\WINDOWS\system32\eeantxyg.dll
2007-04-12 16:47 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-04-12 16:32 76,412 --a------ C:\WINDOWS\system32\yhqygqlc.dll
2007-04-12 16:10 <REP> d-------- C:\VundoFix Backups
2007-04-10 16:45 <REP> d-------- C:\WINDOWS\system32\CPU Indicator SS
2007-04-10 16:33 <REP> d-------- C:\Program Files\CursorXP
2007-04-09 18:15 <REP> d-------- C:\Program Files\MOVAVI
2007-04-09 18:15 <REP> d-------- C:\Program Files\ConvertMovie 3.0 Bluesquad
2007-04-09 17:40 <REP> d-------- C:\DOCUME~1\DaMi$$\neuftalk
2007-04-09 17:39 <REP> d-------- C:\Program Files\neuf Talk
2007-04-08 14:18 <REP> d-------- C:\WINDOWS\BBStore
2007-04-08 14:18 <REP> d-------- C:\Program Files\Virtual Look 2
2007-04-08 14:02 <REP> d-------- C:\Program Files\MSXML 4.0
2007-04-08 14:02 <REP> d-------- C:\4803e9606cd9d897f4
2007-04-08 00:45 <REP> d-------- C:\Program Files\COSMOPOLITAN
2007-04-08 00:42 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-04-07 20:42 <REP> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-04-07 20:41 84,512 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2007-04-07 20:41 6,080 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2007-04-07 20:41 6,080 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2007-04-07 20:41 6,064 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2007-04-07 20:41 52,384 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2007-04-07 20:41 5,744 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2007-04-07 20:41 5,744 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2007-04-07 20:41 <REP> d-------- C:\WINDOWS\system32\Samsung
2007-04-07 20:41 <REP> d-------- C:\Program Files\Samsung
2007-04-04 02:45 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-04-02 22:04 <REP> d-------- C:\Program Files\WowCartographe
2007-04-02 17:57 <REP> d-------- C:\Program Files\Skype
2007-04-02 17:57 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-04-02 17:57 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Skype
2007-04-02 17:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-04-01 23:15 286,208 --a------ C:\WINDOWS\system32\binkw32.dll
2007-04-01 22:49 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-04-01 22:49 <REP> dr-h----- C:\DOCUME~1\DaMi$$\APPLIC~1\SecuROM
2007-04-01 22:37 <REP> d-------- C:\Program Files\Atari
2007-03-31 11:24 <REP> d-------- C:\Program Files\iTunes
2007-03-31 11:24 <REP> d-------- C:\Program Files\iPod
2007-03-30 21:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
2007-03-28 22:51 <REP> d-------- C:\Program Files\Les Boucliers de Quetzalcoatl
2007-03-28 06:01 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Canon
2007-03-27 05:58 26 --a------ C:\WINDOWS\winstart.bat
2007-03-27 05:58 123 --a------ C:\WINDOWS\tmpcpyis.bat
2007-03-27 05:58 122 --a------ C:\WINDOWS\tmpdelis.bat
2007-03-27 05:57 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2007-03-27 05:57 1,053,184 --a------ C:\WINDOWS\system32\SierraNW.dll
2007-03-27 05:57 <REP> d-------- C:\WINDOWS\solcache
2007-03-27 05:56 <REP> d-------- C:\SIERRA
2007-03-27 05:56 <REP> d-------- C:\Program Files\Sierra On-Line
2007-03-26 15:32 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Apple Computer
2007-03-25 21:09 <REP> d-------- C:\WINDOWS\Sun
2007-03-25 21:09 <REP> d-------- C:\Program Files\Google
2007-03-25 21:09 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Sun
2007-03-25 21:09 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Google
2007-03-25 21:09 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-03-25 21:08 <REP> d-------- C:\Program Files\Java
2007-03-25 21:08 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-03-25 17:56 54,936 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-03-25 17:56 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-03-25 17:56 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2007-03-24 19:33 <REP> d-------- C:\DOCUME~1\DaMi$$\Contacts
2007-03-24 18:55 <REP> d-------- C:\Program Files\SLD Codec Pack
2007-03-24 03:12 <REP> d-------- C:\Program Files\QuickTime
2007-03-24 03:12 <REP> d-------- C:\Program Files\Apple Software Update
2007-03-24 03:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-03-24 03:09 <REP> d-------- C:\Program Files\Toon Boom Animation
2007-03-23 17:17 <REP> d-------- C:\Valve
2007-03-22 21:14 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2007-03-22 21:04 <REP> d-------- C:\Program Files\Deep Silver
2007-03-22 19:57 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-03-22 19:36 <REP> d-------- C:\Program Files\World of Warcraft
2007-03-22 19:31 <REP> d-------- C:\Program Files\MSBuild
2007-03-22 19:31 <REP> d-------- C:\Program Files\Microsoft Works
2007-03-22 19:30 <REP> d-------- C:\Program Files\Microsoft.NET
2007-03-22 19:28 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-03-22 19:27 <REP> dr-h----- C:\MSOCache
2007-03-22 19:27 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-03-22 19:27 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-03-22 19:20 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Creative
2007-03-22 19:17 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-03-22 19:16 86,016 -ra------ C:\WINDOWS\CtDrvIns.exe
2007-03-22 19:16 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-03-22 19:16 65,536 -ra------ C:\WINDOWS\system32\CtCamMgr.dll
2007-03-22 19:16 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-03-22 19:16 503,507 -ra------ C:\WINDOWS\system32\drivers\V0080Dev.sys
2007-03-22 19:16 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-03-22 19:16 49,152 -ra------ C:\WINDOWS\system32\V0080Hwx.dll
2007-03-22 19:16 36,864 -ra------ C:\WINDOWS\system32\V0080Pin.dll
2007-03-22 19:16 36,864 -ra------ C:\WINDOWS\system32\CtRegApp.dll
2007-03-22 19:16 3,525 -ra------ C:\WINDOWS\system32\drivers\CamH2111.bin
2007-03-22 19:16 3,525 -ra------ C:\WINDOWS\system32\drivers\CamF2111.bin
2007-03-22 19:16 20,480 -ra------ C:\WINDOWS\V0080Cfg.exe
2007-03-22 19:16 20,480 -ra------ C:\WINDOWS\system32\V0080Srv.exe
2007-03-22 19:16 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-03-22 19:16 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-03-22 19:16 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-03-22 19:16 126,976 -ra------ C:\WINDOWS\system32\V0080Vfw.dll
2007-03-22 19:16 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-03-22 19:16 106,496 -ra------ C:\WINDOWS\system32\V0080Sti.dll
2007-03-22 19:16 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-03-22 19:16 1,125,376 -ra------ C:\WINDOWS\system32\drivers\V0080Evx.sys
2007-03-22 19:15 <REP> d-------- C:\Program Files\Creative
2007-03-22 19:09 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\vlc
2007-03-22 19:08 <REP> d-------- C:\Program Files\neuf telecom
2007-03-22 19:02 9,728 --a------ C:\WINDOWS\system32\RNAPH.DLL
2007-03-22 19:02 48,128 --a------ C:\WINDOWS\system32\SMMSCRPT.DLL
2007-03-22 19:02 22,528 --a------ C:\WINDOWS\system32\borlndmm.dll
2007-03-22 19:02 <REP> d-------- C:\WINDOWS\neufBOX_ADSL
2007-03-22 19:02 <REP> d-------- C:\Program Files\Kit ADSL
2007-03-22 18:57 <REP> d-------- C:\Program Files\VirtualDJ
2007-03-22 18:26 <REP> d-------- C:\Program Files\EClea2_0
2007-03-22 18:25 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-03-22 18:14 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\MSNInstaller
2007-03-22 18:09 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-03-22 18:08 <REP> d-------- C:\Program Files\MSN Messenger
2007-03-22 18:06 <REP> d-------- C:\Program Files\MessengerPlus! 3
2007-03-22 17:07 <REP> d-------- C:\Program Files\Fichiers communs\L&H
2007-03-22 17:06 <REP> d-------- C:\Program Files\COMMON~1
2007-03-22 17:05 60,944 --a------ C:\WINDOWS\DASShp.dll
2007-03-22 17:05 <REP> d-------- C:\Program Files\Microsoft Reader
2007-03-22 17:01 <REP> d-------- C:\Program Files\RM-X© Audio Capture
2007-03-22 16:51 <REP> d-------- C:\Program Files\MSECache
2007-03-22 16:46 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2007-03-22 16:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-22 16:22 <REP> d-------- C:\Program Files\eMule
2007-03-22 15:55 249,347 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_4359.exe
2007-03-22 15:55 <REP> d-------- C:\Program Files\Alcohol Toolbar
2007-03-22 15:55 <REP> d-------- C:\Program Files\Alcohol Soft
2007-03-22 15:53 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-03-22 15:38 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-03-22 15:37 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-03-22 15:37 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-22 15:16 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-03-22 15:14 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-03-22 15:14 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-03-22 15:14 <REP> d-------- C:\WINDOWS\network diagnostic
2007-03-22 15:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-03-22 15:11 <REP> d---s---- C:\DOCUME~1\DaMi$$\UserData
2007-03-22 14:38 304,128 --a------ C:\WINDOWS\IsUninst.exe
2007-03-22 14:38 <REP> d-------- C:\DOCUME~1\DaMi$$\WINDOWS
2007-03-22 14:37 99,840 --a------ C:\WINDOWS\system32\ltfil10N.DLL
2007-03-22 14:37 97,280 --a------ C:\WINDOWS\system32\ekfpixjpeg.dll
2007-03-22 14:37 74,240 --a------ C:\WINDOWS\system32\ProFire.dll
2007-03-22 14:37 73,216 --a------ C:\WINDOWS\PhotoDeluxe.scr
2007-03-22 14:37 71,168 --a------ C:\WINDOWS\system32\ekexifio.dll
2007-03-22 14:37 7,808 --a------ C:\WINDOWS\system32\dc240u.sys
2007-03-22 14:37 69,632 --a------ C:\WINDOWS\system32\pssetup.dll
2007-03-22 14:37 68,096 --a------ C:\WINDOWS\system32\ekfpixpsets.dll
2007-03-22 14:37 65,864 --a------ C:\WINDOWS\system32\Digita.sys
2007-03-22 14:37 6,144 --a------ C:\WINDOWS\system32\ImgLibLead.dll
2007-03-22 14:37 59,904 --a------ C:\WINDOWS\system32\Nkdserl.dll
2007-03-22 14:37 59,392 --a------ C:\WINDOWS\system32\Camapi32.dll
2007-03-22 14:37 57,344 --a------ C:\WINDOWS\system32\psdvelop.dll
2007-03-22 14:37 55,808 --a------ C:\WINDOWS\system32\Ltfil70n.dll
2007-03-22 14:37 48,640 --a------ C:\WINDOWS\catalogSubInstaller.exe
2007-03-22 14:37 45,568 --a------ C:\WINDOWS\system32\DC210V204_32.dll
2007-03-22 14:37 45,568 --a------ C:\WINDOWS\system32\DC210.dll
2007-03-22 14:37 45,056 --a------ C:\WINDOWS\system32\psaddimg.dll
2007-03-22 14:37 446,976 --a------ C:\WINDOWS\system32\ekfpixio130.dll
2007-03-22 14:37 43,520 --a------ C:\WINDOWS\system32\ekfpixaudio.dll
2007-03-22 14:37 403,968 --a------ C:\WINDOWS\system32\PDC_SDK.dll
2007-03-22 14:37 4,608 --a------ C:\WINDOWS\system32\ekfpixguid.dll
2007-03-22 14:37 349,696 --a------ C:\WINDOWS\system32\Ltkrn70n.dll
2007-03-22 14:37 34,304 --a------ C:\WINDOWS\system32\Nkdscsi.dll
2007-03-22 14:37 34,304 --a------ C:\WINDOWS\system32\lfbmp10N.dll
2007-03-22 14:37 32,768 --a------ C:\WINDOWS\system32\PLUGIN.DLL
2007-03-22 14:37 32,768 --a------ C:\WINDOWS\system32\F210.dll
2007-03-22 14:37 308,224 --a------ C:\WINDOWS\system32\E300.dll
2007-03-22 14:37 291,840 --a------ C:\WINDOWS\system32\ltkrn10N.dll
2007-03-22 14:37 29,696 --a------ C:\WINDOWS\system32\E300str.dll
2007-03-22 14:37 274,432 --a------ C:\WINDOWS\system32\psdecode.dll
2007-03-22 14:37 249,856 --a------ C:\WINDOWS\system32\Snap32n.dll
2007-03-22 14:37 240,128 --a------ C:\WINDOWS\system32\LFCMP10N.DLL
2007-03-22 14:37 24,576 --a------ C:\WINDOWS\system32\Lfbmp70n.dll
2007-03-22 14:37 230,400 --a------ C:\WINDOWS\system32\DC265.dll
2007-03-22 14:37 225,280 --a------ C:\WINDOWS\system32\LFCMP70n.DLL
2007-03-22 14:37 215,040 --a------ C:\WINDOWS\system32\SC.dll
2007-03-22 14:37 210,944 --a------ C:\WINDOWS\system32\MSVCRT10.DLL
2007-03-22 14:37 207,872 --a------ C:\WINDOWS\system32\psl350.dll
2007-03-22 14:37 20,976 --a------ C:\WINDOWS\system32\CTL3D.DLL
2007-03-22 14:37 19,968 --a------ C:\WINDOWS\system32\Comm32.dll
2007-03-22 14:37 176,128 --a------ C:\WINDOWS\system32\psll.dll
2007-03-22 14:37 176,128 --a------ C:\WINDOWS\system32\Kzdi20.dll
2007-03-22 14:37 168,960 --a------ C:\WINDOWS\system32\deimg.dll
2007-03-22 14:37 167,936 --a------ C:\WINDOWS\system32\deimg603.dll
2007-03-22 14:37 162,816 --a------ C:\WINDOWS\system32\deimg602.dll
2007-03-22 14:37 161,792 --a------ C:\WINDOWS\system32\deimg401.dll
2007-03-22 14:37 161,280 --a------ C:\WINDOWS\system32\deimg301.dll
2007-03-22 14:37 138,240 --a------ C:\WINDOWS\system32\ekfpixexif.dll
2007-03-22 14:37 119,296 --a------ C:\WINDOWS\system32\Dc50v11_32.dll
2007-03-22 14:37 114,688 --a------ C:\WINDOWS\system32\pscollec.dll
2007-03-22 14:37 110,592 --a------ C:\WINDOWS\system32\DC240.dll
2007-03-22 14:37 102,400 --a------ C:\WINDOWS\system32\psparse.dll
2007-03-22 14:37 100,864 --a------ C:\WINDOWS\system32\Dc50ip32.dll
2007-03-22 14:37 1,436,672 --a------ C:\WINDOWS\system32\Kzlw20.dll
2007-03-22 14:37 <REP> d-------- C:\WINDOWS\system32\Color
2007-03-22 14:37 <REP> d-------- C:\Program Files\Fichiers communs\FotoNation
2007-03-22 14:37 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-03-22 14:33 8,704 --a------ C:\WINDOWS\system32\CNMVS7J.DLL
2007-03-22 14:33 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-03-22 14:33 140,288 --a------ C:\WINDOWS\system32\CNMLM7J.DLL
2007-03-22 14:33 <REP> d--h----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
2007-03-22 14:30 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\ScanSoft
2007-03-22 14:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
2007-03-22 14:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
2007-03-22 14:29 <REP> d-------- C:\Program Files\ScanSoft
2007-03-22 14:29 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2007-03-22 14:28 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-03-22 14:28 <REP> d-------- C:\Program Files\ArcSoft
2007-03-22 14:27 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2007-03-22 14:27 <REP> d-------- C:\WINDOWS\StartHtmico
2007-03-22 14:26 69,632 --a------ C:\WINDOWS\system32\CNCI170.DLL
2007-03-22 14:26 49,152 --a------ C:\WINDOWS\system32\cncisco.dll
2007-03-22 14:26 221,184 --a------ C:\WINDOWS\system32\CNCC170.DLL
2007-03-22 14:26 139,264 --a------ C:\WINDOWS\system32\CNCL170.DLL
2007-03-22 14:26 <REP> d--h----- C:\WINDOWS\system32\CanonMP Uninstaller Information
2007-03-22 14:26 <REP> d--h----- C:\CanonMP
2007-03-22 14:26 <REP> d-------- C:\Program Files\Canon
2007-03-22 14:24 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-03-22 14:23 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-03-22 14:23 2,682,880 --------- C:\WINDOWS\UNNeroVision.exe
2007-03-22 14:23 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2007-03-22 14:22 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-03-22 14:22 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-03-22 14:22 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-03-22 14:22 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-03-22 14:22 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-03-22 14:22 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-03-22 14:22 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-03-22 14:22 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-03-22 14:22 <REP> d-------- C:\Program Files\Ahead
2007-03-22 14:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-03-22 03:17 8,192 --a------ C:\WINDOWS\system32\mcempgvout.dll
2007-03-22 03:17 49,152 --a------ C:\WINDOWS\system32\Macrovision.dll
2007-03-22 03:17 146,432 --a------ C:\WINDOWS\system32\mcempgmux.dll
2007-03-22 03:17 129,536 --a------ C:\WINDOWS\system32\mcempgaout.dll
2007-03-22 03:07 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-22 03:07 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-03-22 00:50 <REP> d-------- C:\WINDOWS\Internet Logs
2007-03-22 00:27 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-22 00:27 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-22 00:27 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-22 00:27 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-22 00:27 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-03-22 00:27 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-22 00:27 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-03-22 00:27 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-22 00:27 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-22 00:27 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-03-22 00:26 <REP> d-------- C:\Program Files\Alwil Software
2007-03-22 00:24 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-03-22 00:15 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\ATI
2007-03-22 00:12 <REP> d-------- C:\Program Files\ATI Technologies
2007-03-22 00:11 <REP> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-03-22 00:06 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-03-22 00:05 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-03-22 00:05 124,672 -ra------ C:\WINDOWS\system32\drivers\SiSGbeXP.sys
2007-03-22 00:05 112,794 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2007-03-22 00:04 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-22 00:03 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-22 00:03 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-22 00:03 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-22 00:03 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-22 00:03 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-22 00:03 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-22 00:03 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-22 00:03 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-22 00:03 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-22 00:03 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-22 00:02 88,960 --a------ C:\WINDOWS\system32\drivers\MidiSyn.sys
2007-03-22 00:01 991,232 --------- C:\WINDOWS\system32\virtear.dll
2007-03-22 00:01 765,952 --------- C:\WINDOWS\system\crlds3d.dll
2007-03-22 00:01 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-03-22 00:01 65,536 --------- C:\WINDOWS\system32\Audio3d.dll
2007-03-22 00:01 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-22 00:01 49,152 --------- C:\WINDOWS\system32\DSndUp.exe
2007-03-22 00:01 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
2007-03-22 00:01 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-22 00:01 392,704 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
2007-03-22 00:01 30,208 --------- C:\WINDOWS\system32\wdmioctl.dll
2007-03-22 00:01 221,376 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2007-03-22 00:01 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-22 00:01 127,872 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-03-22 00:01 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2007-03-22 00:01 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2007-03-22 00:01 <REP> d-------- C:\WINDOWS\VirtualEar
2007-03-22 00:01 <REP> d-------- C:\Program Files\Analog Devices
2007-03-22 00:00 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2007-03-21 23:59 <REP> d--hs---- C:\RECYCLER
2007-03-21 23:56 4,194,304 --ah----- C:\DOCUME~1\DaMi$$\NTUSER.DAT
2007-03-21 23:56 <REP> dr------- C:\DOCUME~1\DaMi$$\Mes documents
2007-03-21 23:56 <REP> dr------- C:\DOCUME~1\DaMi$$\Menu Démarrer
2007-03-21 23:56 <REP> dr------- C:\DOCUME~1\DaMi$$\Favoris
2007-03-21 23:56 <REP> d--h----- C:\DOCUME~1\DaMi$$\Voisinage réseau
2007-03-21 23:56 <REP> d--h----- C:\DOCUME~1\DaMi$$\Voisinage d'impression
2007-03-21 23:56 <REP> d--h----- C:\DOCUME~1\DaMi$$\Modèles
2007-03-21 23:56 <REP> d-------- C:\DOCUME~1\DaMi$$\Bureau
2007-03-21 23:55 786,432 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-03-21 23:55 786,432 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-03-21 23:55 <REP> d-------- C:\WINDOWS\SoftwareDistribution
2007-03-21 23:55 <REP> d-------- C:\WINDOWS\Prefetch
2007-03-21 23:52 233,472 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-03-21 23:52 <REP> d-------- C:\WINDOWS\system32\xircom
2007-03-21 23:52 <REP> d-------- C:\Program Files\microsoft frontpage
2007-03-21 23:51 <REP> d-------- C:\WINDOWS\system32\URTTemp
2007-03-21 23:51 <REP> d-------- C:\WINDOWS\fsc
2007-03-21 23:51 <REP> d-------- C:\AddOn
2007-03-21 23:50 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-21 23:50 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-21 23:50 0 -rahs---- C:\MSDOS.SYS
2007-03-21 23:50 0 -rahs---- C:\IO.SYS
2007-03-21 23:50 0 --a------ C:\CONFIG.SYS
2007-03-21 23:50 0 --a------ C:\AUTOEXEC.BAT
2007-03-21 23:50 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-03-21 23:49 <REP> dr------- C:\WINDOWS\Offline Web Pages
2007-03-21 23:49 <REP> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-03-21 23:49 <REP> d--h----- C:\Program Files\WindowsUpdate
2007-03-21 23:49 <REP> d---s---- C:\WINDOWS\Downloaded Program Files
2007-03-21 23:49 <REP> d-------- C:\WINDOWS\system32\DirectX
2007-03-21 23:49 <REP> d-------- C:\Program Files\Services en ligne
2007-03-21 23:48 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-21 23:48 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-21 23:48 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-21 23:48 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-21 23:48 73,600 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-21 23:48 72,192 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-21 23:48 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-21 23:48 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-21 23:48 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-21 23:48 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-21 23:48 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-21 23:48 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-21 23:48 50,688 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-21 23:48 467,224 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-21 23:48 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-21 23:48 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-21 23:48 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-21 23:48 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-03-21 23:48 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-21 23:48 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-21 23:48 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-21 23:48 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-21 23:48 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-21 23:48 282,624 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-21 23:48 281,600 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-21 23:48 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-21 23:48 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-21 23:48 241,664 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-21 23:48 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-03-21 23:48 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-21 23:48 193,024 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-21 23:48 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-21 23:48 175,896 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-21 23:48 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-21 23:48 171,008 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-21 23:48 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-21 23:48 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-21 23:48 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-03-21 23:48 128,792 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-21 23:48 125,720 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-21 23:48 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-21 23:48 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-21 23:48 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-21 23:48 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-21 23:48 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-21 23:48 <REP> d---s---- C:\WINDOWS\Tasks
2007-03-21 23:48 <REP> d-------- C:\WINDOWS\system32\Restore
2007-03-21 23:48 <REP> d-------- C:\WINDOWS\system32\Macromed
2007-03-21 23:48 <REP> d-------- C:\WINDOWS\srchasst
2007-03-21 23:48 <REP> d-------- C:\Program Files\Movie Maker
2007-03-21 23:48 <REP> d-------- C:\Program Files\Fichiers communs\MSSoap
2007-03-21 23:47 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-21 23:47 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-03-21 23:47 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-21 23:47 35,840 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-21 23:47 232,960 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-21 23:47 21,892 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-21 23:47 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-21 23:47 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-21 23:47 <REP> d-------- C:\WINDOWS\Registration
2007-03-21 23:47 <REP> d-------- C:\Program Files\Online Services
2007-03-21 23:47 <REP> d-------- C:\Program Files\MSN Gaming Zone
2007-03-21 23:47 <REP> d-------- C:\Program Files\Messenger
2007-03-21 23:46 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-21 23:46 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-21 23:46 94,208 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-21 23:46 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-21 23:46 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-21 23:46 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-21 23:46 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-21 23:46 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-21 23:46 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-21 23:46 634,880 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-21 23:46 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-21 23:46 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-21 23:46 61,952 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-21 23:46 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-21 23:46 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-21 23:46 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-21 23:46 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-21 23:46 57,344 --a------ C:\WINDOWS\system32\sol.exe
2007-03-21 23:46 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-21 23:46 55,808 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-21 23:46 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-21 23:46 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-21 23:46 539,136 --a------ C:\WINDOWS\system32\spider.exe
2007-03-21 23:46 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-21 23:46 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-21 23:46 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-21 23:46 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-21 23:46 411,648 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-21 23:46 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-21 23:46 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-21 23:46 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-21 23:46 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-21 23:46 354,304 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-21 23:46 347,648 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-21 23:46 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-21 23:46 297,984 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-21 23:46 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-21 23:46 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-21 23:46 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-21 23:46 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-21 23:46 22,528 --a------ C:\WINDOWS\system32\msg.exe
2007-03-21 23:46 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-21 23:46 20,992 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-21 23:46 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-21 23:46 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-21 23:46 191,488 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-21 23:46 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-21 23:46 189,952 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-21 23:46 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-21 23:46 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-21 23:46 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-21 23:46 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-21 23:46 16,896 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-21 23:46 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-21 23:46 15,872 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-21 23:46 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-21 23:46 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-21 23:46 15,360 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-21 23:46 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-21 23:46 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-21 23:46 142,336 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-21 23:46 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-21 23:46 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-21 23:46 133,120 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-21 23:46 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-21 23:46 128,000 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-21 23:46 124,928 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-21 23:46 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-21 23:46 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-21 23:46 115,200 --a------ C:\WINDOWS\system32\calc.exe
2007-03-21 23:46 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-21 23:46 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-21 23:46 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-21 23:46 104,448 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-21 23:46 10,240 --a------ C:\WINDOWS\system32\reset.exe
2007-03-21 23:46 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-21 23:46 1,263 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-21 23:46 <REP> d-------- C:\WINDOWS\system32\MsDtc
2007-03-21 23:46 <REP> d-------- C:\WINDOWS\system32\Com
2007-03-21 23:46 <REP> d-------- C:\Program Files\Windows NT
2007-03-21 19:44 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-21 19:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-03-21 19:43 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-03-21 19:42 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-21 19:42 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-03-21 19:42 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-21 19:41 <REP> dr------- C:\Program Files
2007-03-21 19:41 <REP> d--hs---- C:\WINDOWS\Installer
2007-03-21 19:41 <REP> d-------- C:\Program Files\Fichiers communs\SpeechEngines
2007-03-21 19:41 <REP> d-------- C:\Program Files\Fichiers communs\ODBC
2007-03-21 19:40 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-21 19:40 9,104 --a------ C:\WINDOWS\system\VER.DLL
2007-03-21 19:40 86,044 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-21 19:40 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-21 19:40 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-21 19:40 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-21 19:40 76,800 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-21 19:40 70,688 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-21 19:40 70,656 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-21 19:40 70,352 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-21 19:40 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-21 19:40 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-21 19:40 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-21 19:40 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-21 19:40 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-21 19:40 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-21 19:40 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-21 19:40 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-21 19:40 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-21 19:40 33,904 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-21 19:40 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-21 19:40 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-21 19:40 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-21 19:40 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-21 19:40 15,872 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-21 19:40 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-21 19:40 127,168 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-21 19:40 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-21 19:40 109,568 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-21 19:40 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-21 19:40 <REP> dr------- C:\DOCUME~1\DEFAUL~1\Menu Démarrer
2007-03-21 19:40 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Menu Démarrer
2007-03-21 19:40 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-03-21 19:40 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage réseau
2007-03-21 19:40 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage d'impression
2007-03-21 19:40 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Modèles
2007-03-21 19:40 <REP> d--h----- C:\DOCUME~1\ALLUSE~1\Modèles
2007-03-21 19:40 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2007-03-21 19:40 <REP> d-------- C:\WINDOWS\system32\CatRoot
2007-03-21 19:40 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Mes documents
2007-03-21 19:40 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Favoris
2007-03-21 19:40 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Bureau
2007-03-21 19:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Favoris
2007-03-21 19:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Bureau
2007-03-21 19:39 <REP> d--hs---- C:\System Volume Information
2007-03-21 19:39 <REP> d-------- C:\Documents and Settings
2007-03-21 19:32 <REP> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-03-21 19:32 <REP> dr--s---- C:\WINDOWS\Fonts
2007-03-21 19:32 <REP> dr------- C:\WINDOWS\Web
2007-03-21 19:32 <REP> d--h----- C:\WINDOWS\inf
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\WinSxS
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\twain_32
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\wins
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\wbem
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\usmt
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\spool
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\ShellExt
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\Setup
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\ras
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\oobe
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\npp
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\mui
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\inetsrv
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\IME
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\icsxml
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\ias
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\export
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\drivers\etc
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\drivers
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\dhcp
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\config
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\3com_dmi
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\3076
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\2052
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1054
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1042
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1041
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1037
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1036
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1033
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1031
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1028
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1025
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\security
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Resources
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\repair
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Provisioning
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\PeerNet
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\pchealth
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\OEM
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\mui
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\msapps
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\msagent
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Media
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\java
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\ime
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Help
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Driver Cache
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Debug
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Cursors
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Connection Wizard
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Config
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\AppPatch
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\addins
2007-03-21 19:32 <REP> d-------- C:\WINDOWS
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-27 06:01 76144 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-03-27 06:01 470828 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-03-21 19:40 62 --ahs---- C:\DOCUME~1\DaMi$$\APPLIC~1\desktop.ini
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:37 578560 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:33 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-30 16:06 151048 --a------ C:\WINDOWS\dasact.dll
2007-01-30 15:52 28755 --a------ C:\WINDOWS\udhid.dll
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"CursorXP"="C:\\Program Files\\CursorXP\\CursorXP.exe"
"eMuleAutoStart"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B572F27E-E372-4C72-B3FB-11F376E21785}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M]
Shell\AutoRun\command M:\EAutorun.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-12 21:54:05
C:\ComboFix-quarantined-files.txt ... 07-04-12 21:54
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\DaMi$$\Bureau"
Command switches used :: /v vturq
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\qrutv.bak1
C:\WINDOWS\system32\qrutv.ini
"C:\WINDOWS\system32\vturq.dll"
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((( Files Created from 2007-03-12 to 2007-04-12 ))))))))))))))))))))))))))))))))))
2007-04-12 20:43 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\ItsLabel
2007-04-12 20:42 <REP> d-------- C:\Program Files\eoRezo
2007-04-12 20:42 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\EoRezo
2007-04-12 19:06 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-12 19:06 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu Démarrer
2007-04-12 19:06 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage réseau
2007-04-12 19:06 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2007-04-12 19:06 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Modèles
2007-04-12 19:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
2007-04-12 19:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
2007-04-12 19:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2007-04-12 18:20 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-12 18:03 48,708 --a------ C:\WINDOWS\system32\bvmaarhj.dll
2007-04-12 18:03 123,972 --a------ C:\WINDOWS\system32\eeantxyg.dll
2007-04-12 16:47 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-04-12 16:32 76,412 --a------ C:\WINDOWS\system32\yhqygqlc.dll
2007-04-12 16:10 <REP> d-------- C:\VundoFix Backups
2007-04-10 16:45 <REP> d-------- C:\WINDOWS\system32\CPU Indicator SS
2007-04-10 16:33 <REP> d-------- C:\Program Files\CursorXP
2007-04-09 18:15 <REP> d-------- C:\Program Files\MOVAVI
2007-04-09 18:15 <REP> d-------- C:\Program Files\ConvertMovie 3.0 Bluesquad
2007-04-09 17:40 <REP> d-------- C:\DOCUME~1\DaMi$$\neuftalk
2007-04-09 17:39 <REP> d-------- C:\Program Files\neuf Talk
2007-04-08 14:18 <REP> d-------- C:\WINDOWS\BBStore
2007-04-08 14:18 <REP> d-------- C:\Program Files\Virtual Look 2
2007-04-08 14:02 <REP> d-------- C:\Program Files\MSXML 4.0
2007-04-08 14:02 <REP> d-------- C:\4803e9606cd9d897f4
2007-04-08 00:45 <REP> d-------- C:\Program Files\COSMOPOLITAN
2007-04-08 00:42 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-04-07 20:42 <REP> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-04-07 20:41 84,512 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2007-04-07 20:41 6,080 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2007-04-07 20:41 6,080 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2007-04-07 20:41 6,064 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2007-04-07 20:41 52,384 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2007-04-07 20:41 5,744 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2007-04-07 20:41 5,744 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2007-04-07 20:41 <REP> d-------- C:\WINDOWS\system32\Samsung
2007-04-07 20:41 <REP> d-------- C:\Program Files\Samsung
2007-04-04 02:45 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-04-02 22:04 <REP> d-------- C:\Program Files\WowCartographe
2007-04-02 17:57 <REP> d-------- C:\Program Files\Skype
2007-04-02 17:57 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-04-02 17:57 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Skype
2007-04-02 17:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-04-01 23:15 286,208 --a------ C:\WINDOWS\system32\binkw32.dll
2007-04-01 22:49 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-04-01 22:49 <REP> dr-h----- C:\DOCUME~1\DaMi$$\APPLIC~1\SecuROM
2007-04-01 22:37 <REP> d-------- C:\Program Files\Atari
2007-03-31 11:24 <REP> d-------- C:\Program Files\iTunes
2007-03-31 11:24 <REP> d-------- C:\Program Files\iPod
2007-03-30 21:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
2007-03-28 22:51 <REP> d-------- C:\Program Files\Les Boucliers de Quetzalcoatl
2007-03-28 06:01 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Canon
2007-03-27 05:58 26 --a------ C:\WINDOWS\winstart.bat
2007-03-27 05:58 123 --a------ C:\WINDOWS\tmpcpyis.bat
2007-03-27 05:58 122 --a------ C:\WINDOWS\tmpdelis.bat
2007-03-27 05:57 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2007-03-27 05:57 1,053,184 --a------ C:\WINDOWS\system32\SierraNW.dll
2007-03-27 05:57 <REP> d-------- C:\WINDOWS\solcache
2007-03-27 05:56 <REP> d-------- C:\SIERRA
2007-03-27 05:56 <REP> d-------- C:\Program Files\Sierra On-Line
2007-03-26 15:32 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Apple Computer
2007-03-25 21:09 <REP> d-------- C:\WINDOWS\Sun
2007-03-25 21:09 <REP> d-------- C:\Program Files\Google
2007-03-25 21:09 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Sun
2007-03-25 21:09 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Google
2007-03-25 21:09 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-03-25 21:08 <REP> d-------- C:\Program Files\Java
2007-03-25 21:08 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-03-25 17:56 54,936 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-03-25 17:56 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-03-25 17:56 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-27 06:01 76144 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-03-27 06:01 470828 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-03-21 19:40 62 --ahs---- C:\DOCUME~1\DaMi$$\APPLIC~1\desktop.ini
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:37 578560 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:33 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-30 16:06 151048 --a------ C:\WINDOWS\dasact.dll
2007-01-30 15:52 28755 --a------ C:\WINDOWS\udhid.dll
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"CursorXP"="C:\\Program Files\\CursorXP\\CursorXP.exe"
"eMuleAutoStart"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B572F27E-E372-4C72-B3FB-11F376E21785}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M]
Shell\AutoRun\command M:\EAutorun.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-12 21:54:05
C:\ComboFix-quarantined-files.txt ... 07-04-12 21:54
Logfile of HijackThis v1.99.1
Scan saved at 21:57:23, on 12/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DaMi$$\Bureau\hijackthis\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\bvmaarhj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/r...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Hi again,
- Run HijackThis -> Do a system scan only
-> Check the lines below:
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\bvmaarhj.dll
Click Fix checked (bottom left).
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select ALL the locations in bold below:
C:\WINDOWS\system32\bvmaarhj.dll
C:\Program Files\eoRezo
C:\WINDOWS\system32\bvmaarhj.dll
C:\WINDOWS\system32\eeantxyg.dll
C:\WINDOWS\system32\yhqygqlc.dll
---> Right-click, then Copy
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane, then choose Paste.
Now click MoveIt!
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name is the date it was created.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\bvmaarhj.dll
C:\WINDOWS\system32\bvmaarhj.dll NOT unregistered.
C:\WINDOWS\system32\bvmaarhj.dll moved successfully.
C:\Program Files\eoRezo\EoAdv\tmp moved successfully.
C:\Program Files\eoRezo\EoAdv moved successfully.
C:\Program Files\eoRezo moved successfully.
File/Folder C:\WINDOWS\system32\bvmaarhj.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\eeantxyg.dll
C:\WINDOWS\system32\eeantxyg.dll NOT unregistered.
C:\WINDOWS\system32\eeantxyg.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\yhqygqlc.dll
C:\WINDOWS\system32\yhqygqlc.dll NOT unregistered.
C:\WINDOWS\system32\yhqygqlc.dll moved successfully.
Created on 04/12/2007 22:33:39
Sorry for the slow reply, but web pages open by the dozen when I restart, and there is no way to stop it. It did that 3 times. Here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 00:57:01, on 14/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DaMi$$\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/r...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/r...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"DaMi$$" - 07-04-14 14:11:09 Service Pack 2
ComboFix 07-04-05.Rev3 - Running from: "C:\Documents and Settings\DaMi$$\Bureau"
Command switches used :: /v vturq
((((((((((((((((((((((((((((((( Files Created from 2007-03-14 to 2007-04-14 ))))))))))))))))))))))))))))))))))
2007-04-14 11:30 462,848 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-04-14 01:14 <REP> d-------- C:\WINDOWS\pss
2007-04-13 14:50 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Help
2007-04-12 20:43 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\ItsLabel
2007-04-12 20:42 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\EoRezo
2007-04-12 19:06 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-12 19:06 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu Démarrer
2007-04-12 19:06 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage réseau
2007-04-12 19:06 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2007-04-12 19:06 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Modèles
2007-04-12 19:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
2007-04-12 19:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
2007-04-12 19:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2007-04-12 16:47 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-04-12 16:10 <REP> d-------- C:\VundoFix Backups
2007-04-10 16:45 <REP> d-------- C:\WINDOWS\system32\CPU Indicator SS
2007-04-10 16:33 <REP> d-------- C:\Program Files\CursorXP
2007-04-09 18:15 <REP> d-------- C:\Program Files\MOVAVI
2007-04-09 18:15 <REP> d-------- C:\Program Files\ConvertMovie 3.0 Bluesquad
2007-04-09 17:40 <REP> d-------- C:\DOCUME~1\DaMi$$\neuftalk
2007-04-09 17:39 <REP> d-------- C:\Program Files\neuf Talk
2007-04-08 14:18 <REP> d-------- C:\WINDOWS\BBStore
2007-04-08 14:18 <REP> d-------- C:\Program Files\Virtual Look 2
2007-04-08 14:02 <REP> d-------- C:\Program Files\MSXML 4.0
2007-04-08 14:02 <REP> d-------- C:\4803e9606cd9d897f4
2007-04-08 00:45 <REP> d-------- C:\Program Files\COSMOPOLITAN
2007-04-08 00:42 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-04-07 20:42 <REP> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-04-07 20:41 84,512 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2007-04-07 20:41 6,080 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2007-04-07 20:41 6,080 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2007-04-07 20:41 6,064 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2007-04-07 20:41 52,384 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2007-04-07 20:41 5,744 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2007-04-07 20:41 5,744 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2007-04-07 20:41 <REP> d-------- C:\WINDOWS\system32\Samsung
2007-04-07 20:41 <REP> d-------- C:\Program Files\Samsung
2007-04-04 02:45 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-04-02 22:04 <REP> d-------- C:\Program Files\WowCartographe
2007-04-02 17:57 <REP> d-------- C:\Program Files\Skype
2007-04-02 17:57 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-04-02 17:57 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Skype
2007-04-02 17:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-04-01 23:15 286,208 --a------ C:\WINDOWS\system32\binkw32.dll
2007-04-01 22:49 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-04-01 22:49 <REP> dr-h----- C:\DOCUME~1\DaMi$$\APPLIC~1\SecuROM
2007-04-01 22:37 <REP> d-------- C:\Program Files\Atari
2007-03-31 11:24 <REP> d-------- C:\Program Files\iTunes
2007-03-31 11:24 <REP> d-------- C:\Program Files\iPod
2007-03-30 21:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
2007-03-28 22:51 <REP> d-------- C:\Program Files\Les Boucliers de Quetzalcoatl
2007-03-28 06:01 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Canon
2007-03-27 05:58 26 --a------ C:\WINDOWS\winstart.bat
2007-03-27 05:58 123 --a------ C:\WINDOWS\tmpcpyis.bat
2007-03-27 05:58 122 --a------ C:\WINDOWS\tmpdelis.bat
2007-03-27 05:57 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2007-03-27 05:57 1,053,184 --a------ C:\WINDOWS\system32\SierraNW.dll
2007-03-27 05:57 <REP> d-------- C:\WINDOWS\solcache
2007-03-27 05:56 <REP> d-------- C:\SIERRA
2007-03-27 05:56 <REP> d-------- C:\Program Files\Sierra On-Line
2007-03-26 15:32 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Apple Computer
2007-03-25 21:09 <REP> d-------- C:\WINDOWS\Sun
2007-03-25 21:09 <REP> d-------- C:\Program Files\Google
2007-03-25 21:09 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Sun
2007-03-25 21:09 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Google
2007-03-25 21:09 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-03-25 21:08 <REP> d-------- C:\Program Files\Java
2007-03-25 21:08 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-03-25 17:56 54,936 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-03-25 17:56 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-03-25 17:56 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2007-03-24 19:33 <REP> d-------- C:\DOCUME~1\DaMi$$\Contacts
2007-03-24 18:55 <REP> d-------- C:\Program Files\SLD Codec Pack
2007-03-24 03:12 <REP> d-------- C:\Program Files\QuickTime
2007-03-24 03:12 <REP> d-------- C:\Program Files\Apple Software Update
2007-03-24 03:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-03-24 03:09 <REP> d-------- C:\Program Files\Toon Boom Animation
2007-03-23 17:17 <REP> d-------- C:\Valve
2007-03-22 21:14 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2007-03-22 21:04 <REP> d-------- C:\Program Files\Deep Silver
2007-03-22 19:57 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-03-22 19:36 <REP> d-------- C:\Program Files\World of Warcraft
2007-03-22 19:31 <REP> d-------- C:\Program Files\MSBuild
2007-03-22 19:31 <REP> d-------- C:\Program Files\Microsoft Works
2007-03-22 19:30 <REP> d-------- C:\Program Files\Microsoft.NET
2007-03-22 19:28 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-03-22 19:27 <REP> dr-h----- C:\MSOCache
2007-03-22 19:27 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-03-22 19:27 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-03-22 19:20 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Creative
2007-03-22 19:17 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-03-22 19:16 86,016 -ra------ C:\WINDOWS\CtDrvIns.exe
2007-03-22 19:16 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-03-22 19:16 65,536 -ra------ C:\WINDOWS\system32\CtCamMgr.dll
2007-03-22 19:16 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-03-22 19:16 503,507 -ra------ C:\WINDOWS\system32\drivers\V0080Dev.sys
2007-03-22 19:16 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-03-22 19:16 49,152 -ra------ C:\WINDOWS\system32\V0080Hwx.dll
2007-03-22 19:16 36,864 -ra------ C:\WINDOWS\system32\V0080Pin.dll
2007-03-22 19:16 36,864 -ra------ C:\WINDOWS\system32\CtRegApp.dll
2007-03-22 19:16 3,525 -ra------ C:\WINDOWS\system32\drivers\CamH2111.bin
2007-03-22 19:16 3,525 -ra------ C:\WINDOWS\system32\drivers\CamF2111.bin
2007-03-22 19:16 20,480 -ra------ C:\WINDOWS\V0080Cfg.exe
2007-03-22 19:16 20,480 -ra------ C:\WINDOWS\system32\V0080Srv.exe
2007-03-22 19:16 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-03-22 19:16 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-03-22 19:16 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-03-22 19:16 126,976 -ra------ C:\WINDOWS\system32\V0080Vfw.dll
2007-03-22 19:16 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-03-22 19:16 106,496 -ra------ C:\WINDOWS\system32\V0080Sti.dll
2007-03-22 19:16 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-03-22 19:16 1,125,376 -ra------ C:\WINDOWS\system32\drivers\V0080Evx.sys
2007-03-22 19:15 <REP> d-------- C:\Program Files\Creative
2007-03-22 19:09 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\vlc
2007-03-22 19:08 <REP> d-------- C:\Program Files\neuf telecom
2007-03-22 19:02 9,728 --a------ C:\WINDOWS\system32\RNAPH.DLL
2007-03-22 19:02 48,128 --a------ C:\WINDOWS\system32\SMMSCRPT.DLL
2007-03-22 19:02 22,528 --a------ C:\WINDOWS\system32\borlndmm.dll
2007-03-22 19:02 <REP> d-------- C:\WINDOWS\neufBOX_ADSL
2007-03-22 19:02 <REP> d-------- C:\Program Files\Kit ADSL
2007-03-22 18:57 <REP> d-------- C:\Program Files\VirtualDJ
2007-03-22 18:26 <REP> d-------- C:\Program Files\EClea2_0
2007-03-22 18:25 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-03-22 18:14 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\MSNInstaller
2007-03-22 18:09 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-03-22 18:08 <REP> d-------- C:\Program Files\MSN Messenger
2007-03-22 18:06 <REP> d-------- C:\Program Files\MessengerPlus! 3
2007-03-22 17:07 <REP> d-------- C:\Program Files\Fichiers communs\L&H
2007-03-22 17:06 <REP> d-------- C:\Program Files\COMMON~1
2007-03-22 17:05 60,944 --a------ C:\WINDOWS\DASShp.dll
2007-03-22 17:05 <REP> d-------- C:\Program Files\Microsoft Reader
2007-03-22 16:51 <REP> d-------- C:\Program Files\MSECache
2007-03-22 16:46 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2007-03-22 16:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-22 16:22 <REP> d-------- C:\Program Files\eMule
2007-03-22 15:55 249,347 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_4359.exe
2007-03-22 15:55 <REP> d-------- C:\Program Files\Alcohol Toolbar
2007-03-22 15:55 <REP> d-------- C:\Program Files\Alcohol Soft
2007-03-22 15:53 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-03-22 15:38 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-03-22 15:37 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-03-22 15:37 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-22 15:16 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-03-22 15:14 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-03-22 15:14 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-03-22 15:14 <REP> d-------- C:\WINDOWS\network diagnostic
2007-03-22 15:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-03-22 15:11 <REP> d---s---- C:\DOCUME~1\DaMi$$\UserData
2007-03-22 14:38 304,128 --a------ C:\WINDOWS\IsUninst.exe
2007-03-22 14:38 <REP> d-------- C:\DOCUME~1\DaMi$$\WINDOWS
2007-03-22 14:37 99,840 --a------ C:\WINDOWS\system32\ltfil10N.DLL
2007-03-22 14:37 97,280 --a------ C:\WINDOWS\system32\ekfpixjpeg.dll
2007-03-22 14:37 74,240 --a------ C:\WINDOWS\system32\ProFire.dll
2007-03-22 14:37 73,216 --a------ C:\WINDOWS\PhotoDeluxe.scr
2007-03-22 14:37 71,168 --a------ C:\WINDOWS\system32\ekexifio.dll
2007-03-22 14:37 7,808 --a------ C:\WINDOWS\system32\dc240u.sys
2007-03-22 14:37 69,632 --a------ C:\WINDOWS\system32\pssetup.dll
2007-03-22 14:37 68,096 --a------ C:\WINDOWS\system32\ekfpixpsets.dll
2007-03-22 14:37 65,864 --a------ C:\WINDOWS\system32\Digita.sys
2007-03-22 14:37 6,144 --a------ C:\WINDOWS\system32\ImgLibLead.dll
2007-03-22 14:37 59,904 --a------ C:\WINDOWS\system32\Nkdserl.dll
2007-03-22 14:37 59,392 --a------ C:\WINDOWS\system32\Camapi32.dll
2007-03-22 14:37 57,344 --a------ C:\WINDOWS\system32\psdvelop.dll
2007-03-22 14:37 55,808 --a------ C:\WINDOWS\system32\Ltfil70n.dll
2007-03-22 14:37 48,640 --a------ C:\WINDOWS\catalogSubInstaller.exe
2007-03-22 14:37 45,568 --a------ C:\WINDOWS\system32\DC210V204_32.dll
2007-03-22 14:37 45,568 --a------ C:\WINDOWS\system32\DC210.dll
2007-03-22 14:37 45,056 --a------ C:\WINDOWS\system32\psaddimg.dll
2007-03-22 14:37 446,976 --a------ C:\WINDOWS\system32\ekfpixio130.dll
2007-03-22 14:37 43,520 --a------ C:\WINDOWS\system32\ekfpixaudio.dll
2007-03-22 14:37 403,968 --a------ C:\WINDOWS\system32\PDC_SDK.dll
2007-03-22 14:37 4,608 --a------ C:\WINDOWS\system32\ekfpixguid.dll
2007-03-22 14:37 349,696 --a------ C:\WINDOWS\system32\Ltkrn70n.dll
2007-03-22 14:37 34,304 --a------ C:\WINDOWS\system32\Nkdscsi.dll
2007-03-22 14:37 34,304 --a------ C:\WINDOWS\system32\lfbmp10N.dll
2007-03-22 14:37 32,768 --a------ C:\WINDOWS\system32\PLUGIN.DLL
2007-03-22 14:37 32,768 --a------ C:\WINDOWS\system32\F210.dll
2007-03-22 14:37 308,224 --a------ C:\WINDOWS\system32\E300.dll
2007-03-22 14:37 291,840 --a------ C:\WINDOWS\system32\ltkrn10N.dll
2007-03-22 14:37 29,696 --a------ C:\WINDOWS\system32\E300str.dll
2007-03-22 14:37 274,432 --a------ C:\WINDOWS\system32\psdecode.dll
2007-03-22 14:37 249,856 --a------ C:\WINDOWS\system32\Snap32n.dll
2007-03-22 14:37 240,128 --a------ C:\WINDOWS\system32\LFCMP10N.DLL
2007-03-22 14:37 24,576 --a------ C:\WINDOWS\system32\Lfbmp70n.dll
2007-03-22 14:37 230,400 --a------ C:\WINDOWS\system32\DC265.dll
2007-03-22 14:37 225,280 --a------ C:\WINDOWS\system32\LFCMP70n.DLL
2007-03-22 14:37 215,040 --a------ C:\WINDOWS\system32\SC.dll
2007-03-22 14:37 210,944 --a------ C:\WINDOWS\system32\MSVCRT10.DLL
2007-03-22 14:37 207,872 --a------ C:\WINDOWS\system32\psl350.dll
2007-03-22 14:37 20,976 --a------ C:\WINDOWS\system32\CTL3D.DLL
2007-03-22 14:37 19,968 --a------ C:\WINDOWS\system32\Comm32.dll
2007-03-22 14:37 176,128 --a------ C:\WINDOWS\system32\psll.dll
2007-03-22 14:37 176,128 --a------ C:\WINDOWS\system32\Kzdi20.dll
2007-03-22 14:37 168,960 --a------ C:\WINDOWS\system32\deimg.dll
2007-03-22 14:37 167,936 --a------ C:\WINDOWS\system32\deimg603.dll
2007-03-22 14:37 162,816 --a------ C:\WINDOWS\system32\deimg602.dll
2007-03-22 14:37 161,792 --a------ C:\WINDOWS\system32\deimg401.dll
2007-03-22 14:37 161,280 --a------ C:\WINDOWS\system32\deimg301.dll
2007-03-22 14:37 138,240 --a------ C:\WINDOWS\system32\ekfpixexif.dll
2007-03-22 14:37 119,296 --a------ C:\WINDOWS\system32\Dc50v11_32.dll
2007-03-22 14:37 114,688 --a------ C:\WINDOWS\system32\pscollec.dll
2007-03-22 14:37 110,592 --a------ C:\WINDOWS\system32\DC240.dll
2007-03-22 14:37 102,400 --a------ C:\WINDOWS\system32\psparse.dll
2007-03-22 14:37 100,864 --a------ C:\WINDOWS\system32\Dc50ip32.dll
2007-03-22 14:37 1,436,672 --a------ C:\WINDOWS\system32\Kzlw20.dll
2007-03-22 14:37 <REP> d-------- C:\WINDOWS\system32\Color
2007-03-22 14:37 <REP> d-------- C:\Program Files\Fichiers communs\FotoNation
2007-03-22 14:37 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-03-22 14:33 8,704 --a------ C:\WINDOWS\system32\CNMVS7J.DLL
2007-03-22 14:33 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-03-22 14:33 140,288 --a------ C:\WINDOWS\system32\CNMLM7J.DLL
2007-03-22 14:33 <REP> d--h----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
2007-03-22 14:30 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\ScanSoft
2007-03-22 14:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
2007-03-22 14:30 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
2007-03-22 14:29 <REP> d-------- C:\Program Files\ScanSoft
2007-03-22 14:29 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2007-03-22 14:28 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-03-22 14:28 <REP> d-------- C:\Program Files\ArcSoft
2007-03-22 14:27 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2007-03-22 14:27 <REP> d-------- C:\WINDOWS\StartHtmico
2007-03-22 14:26 69,632 --a------ C:\WINDOWS\system32\CNCI170.DLL
2007-03-22 14:26 49,152 --a------ C:\WINDOWS\system32\cncisco.dll
2007-03-22 14:26 221,184 --a------ C:\WINDOWS\system32\CNCC170.DLL
2007-03-22 14:26 139,264 --a------ C:\WINDOWS\system32\CNCL170.DLL
2007-03-22 14:26 <REP> d--h----- C:\WINDOWS\system32\CanonMP Uninstaller Information
2007-03-22 14:26 <REP> d--h----- C:\CanonMP
2007-03-22 14:26 <REP> d-------- C:\Program Files\Canon
2007-03-22 14:24 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-03-22 14:23 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-03-22 14:23 2,682,880 --------- C:\WINDOWS\UNNeroVision.exe
2007-03-22 14:23 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2007-03-22 14:22 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-03-22 14:22 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-03-22 14:22 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-03-22 14:22 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-03-22 14:22 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-03-22 14:22 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-03-22 14:22 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-03-22 14:22 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-03-22 14:22 <REP> d-------- C:\Program Files\Ahead
2007-03-22 14:22 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-03-22 03:17 8,192 --a------ C:\WINDOWS\system32\mcempgvout.dll
2007-03-22 03:17 49,152 --a------ C:\WINDOWS\system32\Macrovision.dll
2007-03-22 03:17 146,432 --a------ C:\WINDOWS\system32\mcempgmux.dll
2007-03-22 03:17 129,536 --a------ C:\WINDOWS\system32\mcempgaout.dll
2007-03-22 03:07 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-22 03:07 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-03-22 00:50 <REP> d-------- C:\WINDOWS\Internet Logs
2007-03-22 00:27 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-22 00:27 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-22 00:27 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-22 00:27 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-22 00:27 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-03-22 00:27 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-22 00:27 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-03-22 00:27 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-22 00:27 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-22 00:27 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-03-22 00:26 <REP> d-------- C:\Program Files\Alwil Software
2007-03-22 00:24 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-03-22 00:15 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\ATI
2007-03-22 00:12 <REP> d-------- C:\Program Files\ATI Technologies
2007-03-22 00:11 <REP> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-03-22 00:06 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-03-22 00:05 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-03-22 00:05 124,672 -ra------ C:\WINDOWS\system32\drivers\SiSGbeXP.sys
2007-03-22 00:05 112,794 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2007-03-22 00:04 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-22 00:03 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-22 00:03 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-22 00:03 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-22 00:03 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-22 00:03 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-22 00:03 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-22 00:03 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-22 00:03 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-22 00:03 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-22 00:03 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-22 00:02 88,960 --a------ C:\WINDOWS\system32\drivers\MidiSyn.sys
2007-03-22 00:01 991,232 --------- C:\WINDOWS\system32\virtear.dll
2007-03-22 00:01 765,952 --------- C:\WINDOWS\system\crlds3d.dll
2007-03-22 00:01 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-03-22 00:01 65,536 --------- C:\WINDOWS\system32\Audio3d.dll
2007-03-22 00:01 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-22 00:01 49,152 --------- C:\WINDOWS\system32\DSndUp.exe
2007-03-22 00:01 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
2007-03-22 00:01 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-22 00:01 392,704 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
2007-03-22 00:01 30,208 --------- C:\WINDOWS\system32\wdmioctl.dll
2007-03-22 00:01 221,376 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2007-03-22 00:01 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-22 00:01 127,872 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-03-22 00:01 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2007-03-22 00:01 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2007-03-22 00:01 <REP> d-------- C:\WINDOWS\VirtualEar
2007-03-22 00:01 <REP> d-------- C:\Program Files\Analog Devices
2007-03-22 00:00 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2007-03-21 23:59 <REP> d--hs---- C:\RECYCLER
2007-03-21 23:56 4,194,304 --ah----- C:\DOCUME~1\DaMi$$\NTUSER.DAT
2007-03-21 23:56 <REP> dr------- C:\DOCUME~1\DaMi$$\Mes documents
2007-03-21 23:56 <REP> dr------- C:\DOCUME~1\DaMi$$\Menu Démarrer
2007-03-21 23:56 <REP> dr------- C:\DOCUME~1\DaMi$$\Favoris
2007-03-21 23:56 <REP> d--h----- C:\DOCUME~1\DaMi$$\Voisinage réseau
2007-03-21 23:56 <REP> d--h----- C:\DOCUME~1\DaMi$$\Voisinage d'impression
2007-03-21 23:56 <REP> d--h----- C:\DOCUME~1\DaMi$$\Modèles
2007-03-21 23:56 <REP> d-------- C:\DOCUME~1\DaMi$$\Bureau
2007-03-21 23:55 786,432 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-03-21 23:55 786,432 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-03-21 23:55 <REP> d-------- C:\WINDOWS\SoftwareDistribution
2007-03-21 23:55 <REP> d-------- C:\WINDOWS\Prefetch
2007-03-21 23:52 233,472 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-03-21 23:52 <REP> d-------- C:\WINDOWS\system32\xircom
2007-03-21 23:52 <REP> d-------- C:\Program Files\microsoft frontpage
2007-03-21 23:51 <REP> d-------- C:\WINDOWS\system32\URTTemp
2007-03-21 23:51 <REP> d-------- C:\WINDOWS\fsc
2007-03-21 23:51 <REP> d-------- C:\AddOn
2007-03-21 23:50 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-21 23:50 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-21 23:50 0 -rahs---- C:\MSDOS.SYS
2007-03-21 23:50 0 -rahs---- C:\IO.SYS
2007-03-21 23:50 0 --a------ C:\CONFIG.SYS
2007-03-21 23:50 0 --a------ C:\AUTOEXEC.BAT
2007-03-21 23:50 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-03-21 23:49 <REP> dr------- C:\WINDOWS\Offline Web Pages
2007-03-21 23:49 <REP> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-03-21 23:49 <REP> d--h----- C:\Program Files\WindowsUpdate
2007-03-21 23:49 <REP> d---s---- C:\WINDOWS\Downloaded Program Files
2007-03-21 23:49 <REP> d-------- C:\WINDOWS\system32\DirectX
2007-03-21 23:49 <REP> d-------- C:\Program Files\Services en ligne
2007-03-21 23:48 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-21 23:48 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-21 23:48 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-21 23:48 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-21 23:48 73,600 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-21 23:48 72,192 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-21 23:48 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-21 23:48 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-21 23:48 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-21 23:48 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-21 23:48 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-21 23:48 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-21 23:48 50,688 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-21 23:48 467,224 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-21 23:48 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-21 23:48 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-21 23:48 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-21 23:48 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-03-21 23:48 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-21 23:48 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-21 23:48 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-21 23:48 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-21 23:48 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-21 23:48 282,624 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-21 23:48 281,600 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-21 23:48 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-21 23:48 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-21 23:48 241,664 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-21 23:48 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-03-21 23:48 195,352 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-21 23:48 193,024 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-21 23:48 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-21 23:48 175,896 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-21 23:48 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-21 23:48 171,008 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-21 23:48 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-21 23:48 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-21 23:48 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-03-21 23:48 128,792 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-21 23:48 125,720 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-21 23:48 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-21 23:48 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-21 23:48 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-21 23:48 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-21 23:48 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-21 23:48 <REP> d---s---- C:\WINDOWS\Tasks
2007-03-21 23:48 <REP> d-------- C:\WINDOWS\system32\Restore
2007-03-21 23:48 <REP> d-------- C:\WINDOWS\system32\Macromed
2007-03-21 23:48 <REP> d-------- C:\WINDOWS\srchasst
2007-03-21 23:48 <REP> d-------- C:\Program Files\Movie Maker
2007-03-21 23:48 <REP> d-------- C:\Program Files\Fichiers communs\MSSoap
2007-03-21 23:47 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-21 23:47 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-03-21 23:47 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-21 23:47 35,840 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-21 23:47 232,960 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-21 23:47 21,892 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-21 23:47 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-21 23:47 139,264 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-21 23:47 <REP> d-------- C:\WINDOWS\Registration
2007-03-21 23:47 <REP> d-------- C:\Program Files\Online Services
2007-03-21 23:47 <REP> d-------- C:\Program Files\MSN Gaming Zone
2007-03-21 23:47 <REP> d-------- C:\Program Files\Messenger
2007-03-21 23:46 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-21 23:46 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-21 23:46 94,208 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-21 23:46 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-21 23:46 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-21 23:46 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-21 23:46 80,896 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-21 23:46 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-21 23:46 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-21 23:46 634,880 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-21 23:46 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-21 23:46 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-21 23:46 61,952 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-21 23:46 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-21 23:46 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-21 23:46 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-21 23:46 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-21 23:46 57,344 --a------ C:\WINDOWS\system32\sol.exe
2007-03-21 23:46 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-21 23:46 55,808 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-21 23:46 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-21 23:46 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-21 23:46 539,136 --a------ C:\WINDOWS\system32\spider.exe
2007-03-21 23:46 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-21 23:46 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-21 23:46 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-21 23:46 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-21 23:46 411,648 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-21 23:46 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-21 23:46 4,608 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-21 23:46 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-21 23:46 39,424 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-21 23:46 354,304 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-21 23:46 347,648 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-21 23:46 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-21 23:46 297,984 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-21 23:46 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-21 23:46 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-21 23:46 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-21 23:46 22,528 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-21 23:46 22,528 --a------ C:\WINDOWS\system32\msg.exe
2007-03-21 23:46 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-21 23:46 20,992 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-21 23:46 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-21 23:46 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-21 23:46 191,488 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-21 23:46 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-21 23:46 189,952 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-21 23:46 17,920 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-21 23:46 17,408 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-21 23:46 17,408 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-21 23:46 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-21 23:46 16,896 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-21 23:46 16,384 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-21 23:46 15,872 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-21 23:46 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-21 23:46 15,360 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-21 23:46 15,360 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-21 23:46 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-21 23:46 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-21 23:46 142,336 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-21 23:46 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-21 23:46 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-21 23:46 133,120 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-21 23:46 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-21 23:46 128,000 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-21 23:46 124,928 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-21 23:46 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-21 23:46 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-21 23:46 115,200 --a------ C:\WINDOWS\system32\calc.exe
2007-03-21 23:46 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-21 23:46 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-21 23:46 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-21 23:46 104,448 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-21 23:46 10,240 --a------ C:\WINDOWS\system32\reset.exe
2007-03-21 23:46 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-21 23:46 1,263 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-21 23:46 <REP> d-------- C:\WINDOWS\system32\MsDtc
2007-03-21 23:46 <REP> d-------- C:\WINDOWS\system32\Com
2007-03-21 23:46 <REP> d-------- C:\Program Files\Windows NT
2007-03-21 19:44 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-21 19:44 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-03-21 19:43 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-03-21 19:42 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-21 19:42 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-03-21 19:42 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-21 19:41 <REP> dr------- C:\Program Files
2007-03-21 19:41 <REP> d--hs---- C:\WINDOWS\Installer
2007-03-21 19:41 <REP> d-------- C:\Program Files\Fichiers communs\SpeechEngines
2007-03-21 19:41 <REP> d-------- C:\Program Files\Fichiers communs\ODBC
2007-03-21 19:40 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-21 19:40 9,104 --a------ C:\WINDOWS\system\VER.DLL
2007-03-21 19:40 86,044 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-21 19:40 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-21 19:40 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-21 19:40 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-21 19:40 76,800 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-21 19:40 70,688 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-21 19:40 70,656 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-21 19:40 70,352 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-21 19:40 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-03-21 19:40 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-21 19:40 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-21 19:40 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-21 19:40 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-21 19:40 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-21 19:40 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-21 19:40 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-21 19:40 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-21 19:40 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-21 19:40 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-21 19:40 33,904 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-21 19:40 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-21 19:40 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-21 19:40 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-21 19:40 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-21 19:40 15,872 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-21 19:40 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-21 19:40 127,168 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-21 19:40 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-21 19:40 109,568 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-21 19:40 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-21 19:40 <REP> dr------- C:\DOCUME~1\DEFAUL~1\Menu Démarrer
2007-03-21 19:40 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Menu Démarrer
2007-03-21 19:40 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-03-21 19:40 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage réseau
2007-03-21 19:40 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage d'impression
2007-03-21 19:40 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Modèles
2007-03-21 19:40 <REP> d--h----- C:\DOCUME~1\ALLUSE~1\Modèles
2007-03-21 19:40 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2007-03-21 19:40 <REP> d-------- C:\WINDOWS\system32\CatRoot
2007-03-21 19:40 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Mes documents
2007-03-21 19:40 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Favoris
2007-03-21 19:40 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Bureau
2007-03-21 19:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Favoris
2007-03-21 19:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Bureau
2007-03-21 19:39 <REP> d--hs---- C:\System Volume Information
2007-03-21 19:39 <REP> d-------- C:\Documents and Settings
2007-03-21 19:32 <REP> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-03-21 19:32 <REP> dr--s---- C:\WINDOWS\Fonts
2007-03-21 19:32 <REP> dr------- C:\WINDOWS\Web
2007-03-21 19:32 <REP> d--h----- C:\WINDOWS\inf
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\WinSxS
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\twain_32
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\wins
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\wbem
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\usmt
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\spool
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\ShellExt
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\Setup
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\ras
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\oobe
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\npp
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\mui
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\inetsrv
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\IME
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\icsxml
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\ias
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\export
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\drivers\etc
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\drivers
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\dhcp
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\config
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\3com_dmi
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\3076
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\2052
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1054
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1042
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1041
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1037
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1036
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1033
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1031
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1028
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32\1025
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system32
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\system
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\security
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Resources
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\repair
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Provisioning
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\PeerNet
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\pchealth
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\OEM
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\mui
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\msapps
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\msagent
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Media
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\java
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\ime
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Help
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Driver Cache
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Debug
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Cursors
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Connection Wizard
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\Config
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\AppPatch
2007-03-21 19:32 <REP> d-------- C:\WINDOWS\addins
2007-03-21 19:32 <REP> d-------- C:\WINDOWS
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-27 06:01 76144 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-03-27 06:01 470828 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-03-21 19:40 62 --ahs---- C:\DOCUME~1\DaMi$$\APPLIC~1\desktop.ini
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:37 578560 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:33 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-30 16:06 151048 --a------ C:\WINDOWS\dasact.dll
2007-01-30 15:52 28755 --a------ C:\WINDOWS\udhid.dll
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"CursorXP"="C:\\Program Files\\CursorXP\\CursorXP.exe"
"eMuleAutoStart"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B572F27E-E372-4C72-B3FB-11F376E21785}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M]
Shell\AutoRun\command M:\EAutorun.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdaf9ad6-d87c-11db-9e61-0015f2611221}]
Shell\AutoRun\command M:\EAutorun.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-14 14:17:09
C:\ComboFix-quarantined-files.txt ... 07-04-14 14:17
C:\ComboFix2.txt ... 07-04-12 21:54
ComboFix 07-04-05.Rev3 - Running from: "C:\Documents and Settings\DaMi$$\Bureau"
Command switches used :: /v vturq
((((((((((((((((((((((((((((((( Files Created from 2007-03-14 to 2007-04-14 ))))))))))))))))))))))))))))))))))
2007-04-14 11:30 462,848 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-04-14 01:14 <REP> d-------- C:\WINDOWS\pss
2007-04-13 14:50 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Help
2007-04-12 20:43 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\ItsLabel
2007-04-12 20:42 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\EoRezo
2007-04-12 19:06 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-12 19:06 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu Démarrer
2007-04-12 19:06 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage réseau
2007-04-12 19:06 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2007-04-12 19:06 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Modèles
2007-04-12 19:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\Mes documents
2007-04-12 19:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\Favoris
2007-04-12 19:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\Bureau
2007-04-12 16:47 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-04-12 16:10 <REP> d-------- C:\VundoFix Backups
2007-04-10 16:45 <REP> d-------- C:\WINDOWS\system32\CPU Indicator SS
2007-04-10 16:33 <REP> d-------- C:\Program Files\CursorXP
2007-04-09 18:15 <REP> d-------- C:\Program Files\MOVAVI
2007-04-09 18:15 <REP> d-------- C:\Program Files\ConvertMovie 3.0 Bluesquad
2007-04-09 17:40 <REP> d-------- C:\DOCUME~1\DaMi$$\neuftalk
2007-04-09 17:39 <REP> d-------- C:\Program Files\neuf Talk
2007-04-08 14:18 <REP> d-------- C:\WINDOWS\BBStore
2007-04-08 14:18 <REP> d-------- C:\Program Files\Virtual Look 2
2007-04-08 14:02 <REP> d-------- C:\Program Files\MSXML 4.0
2007-04-08 14:02 <REP> d-------- C:\4803e9606cd9d897f4
2007-04-08 00:45 <REP> d-------- C:\Program Files\COSMOPOLITAN
2007-04-08 00:42 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-04-07 20:42 <REP> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-04-07 20:41 84,512 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2007-04-07 20:41 6,080 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2007-04-07 20:41 6,080 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2007-04-07 20:41 6,064 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2007-04-07 20:41 52,384 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2007-04-07 20:41 5,744 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2007-04-07 20:41 5,744 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2007-04-07 20:41 <REP> d-------- C:\WINDOWS\system32\Samsung
2007-04-07 20:41 <REP> d-------- C:\Program Files\Samsung
2007-04-04 02:45 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
2007-04-02 22:04 <REP> d-------- C:\Program Files\WowCartographe
2007-04-02 17:57 <REP> d-------- C:\Program Files\Skype
2007-04-02 17:57 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-04-02 17:57 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Skype
2007-04-02 17:57 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-04-01 23:15 286,208 --a------ C:\WINDOWS\system32\binkw32.dll
2007-04-01 22:49 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-04-01 22:49 <REP> dr-h----- C:\DOCUME~1\DaMi$$\APPLIC~1\SecuROM
2007-04-01 22:37 <REP> d-------- C:\Program Files\Atari
2007-03-31 11:24 <REP> d-------- C:\Program Files\iTunes
2007-03-31 11:24 <REP> d-------- C:\Program Files\iPod
2007-03-30 21:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
2007-03-28 22:51 <REP> d-------- C:\Program Files\Les Boucliers de Quetzalcoatl
2007-03-28 06:01 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Canon
2007-03-27 05:58 26 --a------ C:\WINDOWS\winstart.bat
2007-03-27 05:58 123 --a------ C:\WINDOWS\tmpcpyis.bat
2007-03-27 05:58 122 --a------ C:\WINDOWS\tmpdelis.bat
2007-03-27 05:57 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2007-03-27 05:57 1,053,184 --a------ C:\WINDOWS\system32\SierraNW.dll
2007-03-27 05:57 <REP> d-------- C:\WINDOWS\solcache
2007-03-27 05:56 <REP> d-------- C:\SIERRA
2007-03-27 05:56 <REP> d-------- C:\Program Files\Sierra On-Line
2007-03-26 15:32 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Apple Computer
2007-03-25 21:09 <REP> d-------- C:\WINDOWS\Sun
2007-03-25 21:09 <REP> d-------- C:\Program Files\Google
2007-03-25 21:09 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Sun
2007-03-25 21:09 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Google
2007-03-25 21:09 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-03-25 21:08 <REP> d-------- C:\Program Files\Java
2007-03-25 21:08 <REP> d-------- C:\Program Files\Fichiers communs\Java
2007-03-25 17:56 54,936 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-03-25 17:56 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-03-25 17:56 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2007-03-24 19:33 <REP> d-------- C:\DOCUME~1\DaMi$$\Contacts
2007-03-24 18:55 <REP> d-------- C:\Program Files\SLD Codec Pack
2007-03-24 03:12 <REP> d-------- C:\Program Files\QuickTime
2007-03-24 03:12 <REP> d-------- C:\Program Files\Apple Software Update
2007-03-24 03:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-03-24 03:09 <REP> d-------- C:\Program Files\Toon Boom Animation
2007-03-23 17:17 <REP> d-------- C:\Valve
2007-03-22 21:14 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2007-03-22 21:04 <REP> d-------- C:\Program Files\Deep Silver
2007-03-22 19:57 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-03-22 19:36 <REP> d-------- C:\Program Files\World of Warcraft
2007-03-22 19:31 <REP> d-------- C:\Program Files\MSBuild
2007-03-22 19:31 <REP> d-------- C:\Program Files\Microsoft Works
2007-03-22 19:30 <REP> d-------- C:\Program Files\Microsoft.NET
2007-03-22 19:28 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-03-22 19:27 <REP> dr-h----- C:\MSOCache
2007-03-22 19:27 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-03-22 19:27 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-03-22 19:20 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\Creative
2007-03-22 19:17 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-03-22 19:16 86,016 -ra------ C:\WINDOWS\CtDrvIns.exe
2007-03-22 19:16 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-03-22 19:16 65,536 -ra------ C:\WINDOWS\system32\CtCamMgr.dll
2007-03-22 19:16 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-03-22 19:16 503,507 -ra------ C:\WINDOWS\system32\drivers\V0080Dev.sys
2007-03-22 19:16 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-03-22 19:16 49,152 -ra------ C:\WINDOWS\system32\V0080Hwx.dll
2007-03-22 19:16 36,864 -ra------ C:\WINDOWS\system32\V0080Pin.dll
2007-03-22 19:16 36,864 -ra------ C:\WINDOWS\system32\CtRegApp.dll
2007-03-22 19:16 3,525 -ra------ C:\WINDOWS\system32\drivers\CamH2111.bin
2007-03-22 19:16 3,525 -ra------ C:\WINDOWS\system32\drivers\CamF2111.bin
2007-03-22 19:16 20,480 -ra------ C:\WINDOWS\V0080Cfg.exe
2007-03-22 19:16 20,480 -ra------ C:\WINDOWS\system32\V0080Srv.exe
2007-03-22 19:16 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-03-22 19:16 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-03-22 19:16 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-03-22 19:16 126,976 -ra------ C:\WINDOWS\system32\V0080Vfw.dll
2007-03-22 19:16 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-03-22 19:16 106,496 -ra------ C:\WINDOWS\system32\V0080Sti.dll
2007-03-22 19:16 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-03-22 19:16 1,125,376 -ra------ C:\WINDOWS\system32\drivers\V0080Evx.sys
2007-03-22 19:15 <REP> d-------- C:\Program Files\Creative
2007-03-22 19:09 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\vlc
2007-03-22 19:08 <REP> d-------- C:\Program Files\neuf telecom
2007-03-22 19:02 9,728 --a------ C:\WINDOWS\system32\RNAPH.DLL
2007-03-22 19:02 48,128 --a------ C:\WINDOWS\system32\SMMSCRPT.DLL
2007-03-22 19:02 22,528 --a------ C:\WINDOWS\system32\borlndmm.dll
2007-03-22 19:02 <REP> d-------- C:\WINDOWS\neufBOX_ADSL
2007-03-22 19:02 <REP> d-------- C:\Program Files\Kit ADSL
2007-03-22 18:57 <REP> d-------- C:\Program Files\VirtualDJ
2007-03-22 18:26 <REP> d-------- C:\Program Files\EClea2_0
2007-03-22 18:25 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-03-22 18:14 <REP> d-------- C:\DOCUME~1\DaMi$$\APPLIC~1\MSNInstaller
2007-03-22 18:09 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-03-22 18:08 <REP> d-------- C:\Program Files\MSN Messenger
2007-03-22 18:06 <REP> d-------- C:\Program Files\MessengerPlus! 3
2007-03-22 17:07 <REP> d-------- C:\Program Files\Fichiers communs\L&H
2007-03-22 17:06 <REP> d-------- C:\Program Files\COMMON~1
2007-03-22 17:05 60,944 --a------ C:\WINDOWS\DASShp.dll
2007-03-22 17:05 <REP> d-------- C:\Program Files\Microsoft Reader
2007-03-22 16:51 <REP> d-------- C:\Program Files\MSECache
2007-03-22 16:46 <REP> d-------- C:\Program Files\WinAVI MP4 Converter
2007-03-22 16:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-22 16:22 <REP> d-------- C:\Program Files\eMule
2007-03-22 15:55 249,347 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_4359.exe
2007-03-22 15:55 <REP> d-------- C:\Program Files\Alcohol Toolbar
2007-03-22 15:55 <REP> d-------- C:\Program Files\Alcohol Soft
2007-03-22 15:53 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-03-22 15:38 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-03-22 15:37 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-03-22 15:37 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-22 15:16 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-03-22 15:14 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-03-22 15:14 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-03-22 15:14 <REP> d-------- C:\WINDOWS\network diagnostic
2007-03-22 15:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-03-22 15:11 <REP> d---s---- C:\DOCUME~1\DaMi$$\UserData
2007-03-22 14:38 304,128 --a------ C:\WINDOWS\IsUninst.exe
2007-03-22 14:38 <REP> d-------- C:\DOCUME~1\DaMi$$\WINDOWS
2007-03-22 14:37 99,840 --a------ C:\WINDOWS\system32\ltfil10N.DLL
2007-03-22 14:37 97,280 --a------ C:\WINDOWS\system32\ekfpixjpeg.dll
2007-03-22 14:37 74,240 --a------ C:\WINDOWS\system32\ProFire.dll
2007-03-22 14:37 73,216 --a------ C:\WINDOWS\PhotoDeluxe.scr
2007-03-22 14:37 71,168 --a------ C:\WINDOWS\system32\ekexifio.dll
2007-03-22 14:37 7,808 --a------ C:\WINDOWS\system32\dc240u.sys
2007-03-22 14:37 69,632 --a------ C:\WINDOWS\system32\pssetup.dll
2007-03-22 14:37 68,096 --a------ C:\WINDOWS\system32\ekfpixpsets.dll
2007-03-22 14:37 65,864 --a------ C:\WINDOWS\system32\Digita.sys
2007-03-22 14:37 6,144 --a------ C:\WINDOWS\system32\ImgLibLead.dll
2007-03-22 14:37 59,904 --a------ C:\WINDOWS\system32\Nkdserl.dll
2007-03-22 14:37 59,392 --a------ C:\WINDOWS\system32\Camapi32.dll
2007-03-22 14:37 57,344 --a------ C:\WINDOWS\system32\psdvelop.dll
2007-03-22 14:37 55,808 --a------ C:\WINDOWS\system32\Ltfil70n.dll
2007-03-22 14:37 48,640 --a------ C:\WINDOWS\catalogSubInstaller.exe
2007-03-22 14:37 45,568 --a------ C:\WINDOWS\system32\DC210V204_32.dll
2007-03-22 14:37 45,568 --a------ C:\WINDOWS\system32\DC210.dll
2007-03-22 14:37 45,056 --a------ C:\WINDOWS\system32\psaddimg.dll
2007-03-22 14:37 446,976 --a------ C:\WINDOWS\system32\ekfpixio130.dll
2007-03-22 14:37 43,520 --a------ C:\WINDOWS\system32\ekfpixaudio.dll
2007-03-22 14:37 403,968 --a------ C:\WINDOWS\system32\PDC_SDK.dll
2007-03-22 14:37 4,608 --a------ C:\WINDOWS\system32\ekfpixguid.dll
2007-03-22 14:37 349,696 --a------ C:\WINDOWS\system32\Ltkrn70n.dll
2007-03-22 14:37 34,304 --a------ C:\WINDOWS\system32\Nkdscsi.dll
2007-03-22 14:37 34,304 --a------ C:\WINDOWS\system32\lfbmp10N.dll
2007-03-22 14:37 32,768 --a------ C:\WINDOWS\system32\PLUGIN.DLL
2007-03-22 14:37 32,768 --a------ C:\WINDOWS\system32\F210.dll
2007-03-22 14:37 308,224 --a------ C:\WINDOWS\system32\E300.dll
2007-03-22 14:37 291,840 --a------ C:\WINDOWS\system32\ltkrn10N.dll
2007-03-22 14:37 29,696 --a------ C:\WINDOWS\system32\E300str.dll
2007-03-22 14:37 274,432 --a------ C:\WINDOWS\system32\psdecode.dll
2007-03-22 14:37 249,856 --a------ C:\WINDOWS\system32\Snap32n.dll
2007-03-22 14:37 240,128 --a------ C:\WINDOWS\system32\LFCMP10N.DLL
2007-03-22 14:37 24,576 --a------ C:\WINDOWS\system32\Lfbmp70n.dll
2007-03-22 14:37 230,400 --a------ C:\WINDOWS\system32\DC265.dll
2007-03-22 14:37 225,280 --a------ C:\WINDOWS\system32\LFCMP70n.DLL
2007-03-22 14:37 215,040 --a------ C:\WINDOWS\system32\SC.dll
2007-03-22 14:37 210,944 --a------ C:\WINDOWS\system32\MSVCRT10.DLL
2007-03-22 14:37 207,872 --a------ C:\WINDOWS\system32\psl350.dll
2007-03-22 14:37 20,976 --a------ C:\WINDOWS\system32\CTL3D.DLL
2007-03-22 14:37 19,968 --a------ C:\WINDOWS\system32\Comm32.dll
2007-03-22 14:37 176,128 --a------ C:\WINDOWS\system32\psll.dll
2007-03-22 14:37 176,128 --a------ C:\WINDOWS\system32\Kzdi20.dll
2007-03-22 14:37 168,960 --a------ C:\WINDOWS\system32\deimg.dll
2007-03-22 14:37 167,936 --a------ C:\WINDOWS\system32\deimg603.dll
2007-03-22 14:37 162,816 --a------ C:\WINDOWS\system32\deimg602.dll
2007-03-22 14:37 161,792 --a------ C:\WINDOWS\system32\deimg401.dll
2007-03-22 14:37 161,280 --a------ C:\WINDOWS\system32\deimg301.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-03-27 06:01 76144 --a------ C:\WINDOWS\system32\perfc00c.dat
2007-03-27 06:01 470828 --a------ C:\WINDOWS\system32\perfh00c.dat
2007-03-21 19:40 62 --ahs---- C:\DOCUME~1\DaMi$$\APPLIC~1\desktop.ini
2007-03-17 15:44 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:37 578560 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:33 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-30 16:06 151048 --a------ C:\WINDOWS\dasact.dll
2007-01-30 15:52 28755 --a------ C:\WINDOWS\udhid.dll
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"CursorXP"="C:\\Program Files\\CursorXP\\CursorXP.exe"
"eMuleAutoStart"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B572F27E-E372-4C72-B3FB-11F376E21785}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M]
Shell\AutoRun\command M:\EAutorun.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdaf9ad6-d87c-11db-9e61-0015f2611221}]
Shell\AutoRun\command M:\EAutorun.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
********************************************************************
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-04-14 14:17:09
C:\ComboFix-quarantined-files.txt ... 07-04-14 14:17
C:\ComboFix2.txt ... 07-04-12 21:54
Some files remain.
Download Smitfraudfix (by S!ri).
Save it to your desktop.
Run SmitfraudFix.exe (the .exe extension may not be shown).
Choose Option 1 (Recherche, i.e. Search).
Post the first report here.
**If the link does not work, click here**
Here is the report:
SmitFraudFix v2.168
Rapport fait à 1:36:51,39, 16/04/2007
Executé à partir de C:\Documents and Settings\DaMi$$\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\dr.exe PRESENT !
C:\WINDOWS\Tasks\At?.job PRESENT !
C:\WINDOWS\Tasks\At??.job PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DaMi$$
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\DaMi$$\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DaMi$$\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\serial.dat PRESENT !
C:\Program Files\serial.zip PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: SiS191 100/10 Ethernet Device - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5BACE69B-482C-4A47-9054-04996D7E370C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5BACE69B-482C-4A47-9054-04996D7E370C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5BACE69B-482C-4A47-9054-04996D7E370C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
No need to post the report twice
(I deleted one of them)
Restart in Safe Mode.
Run SmitfraudFix.exe, this time choose Option 2, and answer yes to the question(s).
Save the report to your Desktop.
Restart normally.
Post the Hijackthis and SmitfraudFix reports.
Sorry ^^
SmitFraudFix v2.168
Rapport fait à 15:04:19,98, 16/04/2007
Executé à partir de C:\Documents and Settings\DaMi$$\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\dr.exe supprimé
C:\WINDOWS\Tasks\At?.job supprimé
C:\WINDOWS\Tasks\At??.job supprimé
C:\Program Files\serial.dat supprimé
C:\Program Files\serial.zip supprimé
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5BACE69B-482C-4A47-9054-04996D7E370C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5BACE69B-482C-4A47-9054-04996D7E370C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5BACE69B-482C-4A47-9054-04996D7E370C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin